Audit Question on Periodic System Review

70 pts.
Tags: Audit Policy, Auditing, Auditing (systems operations), Security in 2010, System administrator, Systems administration

Hello, I am auditing a client and would like to understand if there is any risk with the following scenario. We are auditing the periodic review of system privileges for a payroll/HR system.

The review is only done by one individual. This individual is the system owner and the system administrator. I am trying to understand if there is any potential SoD risk here with this review.

The potential risk that I can think of is that this user could create fictitious accounts and use those accounts to process fraudulent payroll activity. Since this user has access to set up new accounts or make unauthorized access changes, should the review also be performed by another user who is not a system administrator? I would appreciate any insights on this. Thank you.

Answer Wiki

There is definitely a risk.

Any activity that needs to be reviewed should be reviewed by someone else in addition to the person that performs such activity.
