This report is intended for use by the management of the Variable Annuity Life Insurance Company ("VALIC") and its subsidiaries,
VALIC Retirement Services Company ("VRSCO") and VALIC Financial Advisors, Inc. ("VFA"), its user entities, and the independent
auditors of its user entities, and is not intended and should not be used by anyone other than these specified parties.
Control Objective 13A - Controls provide reasonable assurance that logical access to V-System is properly authorized by VALIC Management.

Control Objective 13B - Controls provide reasonable assurance that logical access to distributed systems including SAP is properly authorized by VALIC Management.

| VALIC Control Activities | Tests of Operating Effectiveness | Results of Tests |
| --- | --- | --- |
| 13.7 (13A, 13B) Contractor access is automatically revoked after 90 days unless the manager recertifies. | Inspected evidence that access for a contractor was revoked on the 90 day expiration date when not recertified by a manager. | No exceptions noted. |
| 13.8 (13A, 13B) New access requests of VALIC employees for the mainframe and distributed applications are documented and approved by appropriate VALIC management. | Mainframe: Inspected a sample of new user access requests for the mainframe application to determine whether the new user access requests were documented and appropriately approved by their managers. | No exceptions noted. |
| | Distributed Systems: Inspected a sample of new user access requests for distributed systems to determine whether the new user access requests were documented and appropriately approved by their managers. | No exceptions noted. |
| 13.9 (13B) New user access requests to the Oracle and SQL database are initiated and approved by appropriate VALIC management. | Oracle: Inspected a sample of new user access requests to Oracle databases to determine whether new user access requests were appropriately requested and approved in the DBA Help Desk or CMNA system prior to gaining access. | No exceptions noted. |
| | SQL: Inspected a sample of new user access requests to SQL databases to determine whether new user access requests were appropriately requested and approved in the DBA Request Form or CMNA ticket prior to gaining access. | No exceptions noted. |
| 13.10 (13B) Requests to add or change access to SAP must be documented and approved by an appropriate authority. | Inspected a sample of new and modified SAP user access to determine whether new user access requests were approved by the appropriate authority. | No exceptions noted. |

IV. VALIC control objectives and controls, and PricewaterhouseCoopers LLP's tests of operating
effectiveness and results of tests