![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0272.png)
This report is intended for use by the management of the Variable Annuity Life Insurance Company ("VALIC") and its subsidiaries.
VALIC Retirement Services Company ("VRSCO") and VALIC Financial Advisors, Inc. ("VFA"), its user entities, and the independent
auditors of its user entities, and is not intended and should not be used by anyone other than these specified parties.
Back to TOCClick
VALIC
.com 86
Control Objective 13A
- Controls provide reasonable assurance that logical access to V-System is properly
authorized by VALICManagement.
Control Objective 13B
- Controls provide reasonable assurance that logical access to distributed systems including
SAP is properly authorized by VALICManagement.
VALIC Control Activities
Tests of Operating Effectiveness
Results of Tests
13.17 (13A, 13B) VALIC managers
perform annual reviews of
Oracle, SQL and DB2 database
user access by reviewing current
user profiles/privileges. A
list of corrections is prepared
and forwarded to the security
administrator for processing.
Inspected a sample of Oracle, SQL,
and DB2 user access reviews to
determine whether VALIC managers
reviewed VALIC users’ access.
Inspected a sample of change requests
to determine whether changes
resulting from user access reviews
were processed.
No exceptions noted.
No exceptions noted.
13.18 (13B) User access to SAP is
reviewed annually and recertified
by an appropriate authority
to confirm that the access is
aligned with the user’s current
job functions. Changes to user
access discovered during the
recertification are acted upon by
an appropriate authority.
Inspected a sample of SAP user access
reviews performed in SailPoint to
determine whether VALIC managers
reviewed VALIC users’ access.
Inspected a sample of change requests
to determine whether changes
resulting from user access reviews
were processed.
No exceptions noted.
No exceptions noted.
IV. VALIC control objectives and controls, and PricewaterhouseCoopers LLP's tests of operating
effectiveness and results of tests