This tool contains four sample work programs that provide best-practice steps an organization should consider when evaluating its IT general controls environment.

Sample steps in these programs include: obtain a copy of the information security policy; confirm that the policy addresses user authentication, password complexity and system security; confirm that the policy has been reviewed and approved by senior management; confirm that access to the in-scope applications requires the use of a password; confirm that desktops are required to use passwords; and confirm that the usage of default accounts (if any) is limited to one individual.