Table of Contents Table of Contents
Previous Page  288 / 499 Next Page
Information
Show Menu
Previous Page 288 / 499 Next Page
Page Background

This report is intended for use by the management of the Variable Annuity Life Insurance Company ("VALIC") and its subsidiaries.

VALIC Retirement Services Company ("VRSCO") and VALIC Financial Advisors, Inc. ("VFA"), its user entities, and the independent

auditors of its user entities, and is not intended and should not be used by anyone other than these specified parties.

Back to TOC

Click

VALIC

.com 81

Access to Data Files and Programs

Control Objective 13A

- Controls provide reasonable assurance that logical access to V-System is properly

authorized by VALICManagement.

Control Objective 13B

- Controls provide reasonable assurance that logical access to distributed systems including

SAP is properly authorized by VALICManagement.

VALIC Control Activities

Tests of Operating Effectiveness

Results of Tests

13.1 (13A, 13B) Access to migrate

changes to the production

environment is limited to

authorized VALIC migration

personnel separate from

development function.

Mainframe

Inspected user access to mainframe to

determine whether developers did not

have access to migrate changes to the

production environment.

Distributed Systems

Inspected user access to MS Team

Foundation Server (TFS) to determine

whether developers did not have

access to migrate changes to the

production environment.

No exceptions noted.

No exceptions noted.

13.2 (13B) SAP developer update

access to the production

environment is appropriately

controlled and restricted.

Inspected SAP user access listing to

determine whether access to migrate

transports into the production

environment is restricted to the SAP

Solution Center BASIS team.

Inspected SAP user access listing to

determine whether segregation of

duties existed between the transport

creator and transport migrator.

Inspected the production support

configuration for SAP to assess

whether client dependent settings

and cross-client independent settings

are set to 'non-changeable'.

No exceptions noted.

No exceptions noted.

No exceptions noted.

IV. VALIC control objectives and controls, and PricewaterhouseCoopers LLP's tests of operating

effectiveness and results of tests

1 283 284 285 286 287 288 289 290 291 292 293 294 498-499  FlippingBook