请将以下翻译成中文。 20
Departmentisresponsibleforgettingsatisfactory/goodauditgradingandtoensureallcontrolwe...
Department is responsible for getting satisfactory / good audit grading and to ensure all control weaknesses highlighted by auditors are addressed within the target timeframe.
Issues raised by Internal Audit, External Audit and Regulatory Audit must be addressed promptly. There must be agreed action plans, with appropriate milestones in place to address all significant control weaknesses highlighted by auditors.
Any extension of completion timeline must be approved by International Division Head.
Information held in electronic form in the Company’s system needs to be protected against unauthorised access and disclosure. The Company’s Information Security policy, standards and procedures should be understood and comply with at all times. Where there are local regulatory requirement for information security (e.g. data protection), it must also be adhered to.
Department should also be aware of operational risks in relation to technology as follows:
- Fraud, theft of information, manipulation of data by gaining access to systems; break in to computer room
- Errors from manual data input or from system software application update/amendment
- Misinformation when a functionality of an application is poorly specified or inaccurately developed which went undetected for a period of time; when audit trail is poor;
- Interruption or system downtime due to hardware failure, power failure, without adequate contingency arrangement
Department must also record and account for all services that have been outsourced to external service provider, regardless of whether they are ‘Material’ outsourcing or not. For ‘Material’ outsourcing, Department must comply with the local regulatory requirement or Company ORM’s requirement for managing outsourced activities, whichever is more stringent. 展开
Issues raised by Internal Audit, External Audit and Regulatory Audit must be addressed promptly. There must be agreed action plans, with appropriate milestones in place to address all significant control weaknesses highlighted by auditors.
Any extension of completion timeline must be approved by International Division Head.
Information held in electronic form in the Company’s system needs to be protected against unauthorised access and disclosure. The Company’s Information Security policy, standards and procedures should be understood and comply with at all times. Where there are local regulatory requirement for information security (e.g. data protection), it must also be adhered to.
Department should also be aware of operational risks in relation to technology as follows:
- Fraud, theft of information, manipulation of data by gaining access to systems; break in to computer room
- Errors from manual data input or from system software application update/amendment
- Misinformation when a functionality of an application is poorly specified or inaccurately developed which went undetected for a period of time; when audit trail is poor;
- Interruption or system downtime due to hardware failure, power failure, without adequate contingency arrangement
Department must also record and account for all services that have been outsourced to external service provider, regardless of whether they are ‘Material’ outsourcing or not. For ‘Material’ outsourcing, Department must comply with the local regulatory requirement or Company ORM’s requirement for managing outsourced activities, whichever is more stringent. 展开
展开全部
Department is responsible for getting satisfactory / good audit grading and to ensure all control weaknesses highlighted by auditors are addressed within the target timeframe. 部门负责得到满意的/好的审计分级,以确保所有的弱点,审计师控制突出问题在目标的时间表。
Issues raised by Internal Audit, External Audit and Regulatory Audit must be addressed promptly. 问题提出的内部审计,外部审计和监管审计必须解决很迅速There must be agreed action plans, with appropriate milestones in place to address all significant control weaknesses highlighted by auditors. 必须有约定的行动计划,以适当的里程碑到位,地址所有重要的控制弱点强调审计师。
Any extension of completion timeline must be approved by International Division Head. 完成任何延期时间必须经国际分工的头。
Information held in electronic form in the Company’s system needs to be protected against unauthorised access and disclosure. 在电子表格信息举行公司的系统需要防止未经授权的访问和披露。 The Company’s Information Security policy, standards and procedures should be understood and comply with at all times. 公司的信息安全政策、标准和程序应该被理解并遵守时刻。
Where there are local regulatory requirement for information security (e.g. data protection), it must also be adhered to. :哪里有当地的监管要求,信息安全(例如数据保护),它也必须坚持。
Department should also be aware of operational risks in relation to technology as follows:
部门也应该意识到技术操作风险关系如下:
- Fraud, theft of information, manipulation of data by gaining access to systems; break in to computer room欺诈、窃取信息,处理数据,获得系统;打破在电脑室
- Errors from manual data input or from system software application update/amendment错误的输入数据或手动从系统应用软件更新/修改
- Misinformation when a functionality of an application is poorly specified or inaccurately developed which went undetected for a period of time; when audit trail is poor; 当一个错误的功能较差或申请指定了有误被了一段时间,当审计较差
- Interruption or system downtime due to hardware failure, power failure, without adequate contingency arrangement中断或系统故障停机时间由于硬件故障、停电,没有足够的应急安排
Department must also record and account for all services that have been outsourced to external service provider, regardless of whether they are ‘Material’ outsourcing or not. 部门还必须记录和解释所有的服务,被外包给了外部服务提供商,不管他们是“资料的外包. For ‘Material’ outsourcing, Department must comply with the local regulatory requirement or Company ORM’s requirement for managing outsourced activities, whichever is more.
“资料的外包、部门必须符合当地法规要求或公司的需求管理场ORM外包活动,无论哪个更严格。
Issues raised by Internal Audit, External Audit and Regulatory Audit must be addressed promptly. 问题提出的内部审计,外部审计和监管审计必须解决很迅速There must be agreed action plans, with appropriate milestones in place to address all significant control weaknesses highlighted by auditors. 必须有约定的行动计划,以适当的里程碑到位,地址所有重要的控制弱点强调审计师。
Any extension of completion timeline must be approved by International Division Head. 完成任何延期时间必须经国际分工的头。
Information held in electronic form in the Company’s system needs to be protected against unauthorised access and disclosure. 在电子表格信息举行公司的系统需要防止未经授权的访问和披露。 The Company’s Information Security policy, standards and procedures should be understood and comply with at all times. 公司的信息安全政策、标准和程序应该被理解并遵守时刻。
Where there are local regulatory requirement for information security (e.g. data protection), it must also be adhered to. :哪里有当地的监管要求,信息安全(例如数据保护),它也必须坚持。
Department should also be aware of operational risks in relation to technology as follows:
部门也应该意识到技术操作风险关系如下:
- Fraud, theft of information, manipulation of data by gaining access to systems; break in to computer room欺诈、窃取信息,处理数据,获得系统;打破在电脑室
- Errors from manual data input or from system software application update/amendment错误的输入数据或手动从系统应用软件更新/修改
- Misinformation when a functionality of an application is poorly specified or inaccurately developed which went undetected for a period of time; when audit trail is poor; 当一个错误的功能较差或申请指定了有误被了一段时间,当审计较差
- Interruption or system downtime due to hardware failure, power failure, without adequate contingency arrangement中断或系统故障停机时间由于硬件故障、停电,没有足够的应急安排
Department must also record and account for all services that have been outsourced to external service provider, regardless of whether they are ‘Material’ outsourcing or not. 部门还必须记录和解释所有的服务,被外包给了外部服务提供商,不管他们是“资料的外包. For ‘Material’ outsourcing, Department must comply with the local regulatory requirement or Company ORM’s requirement for managing outsourced activities, whichever is more.
“资料的外包、部门必须符合当地法规要求或公司的需求管理场ORM外包活动,无论哪个更严格。
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
