Audit Question on Periodic System Review

Tags: Audit Policy, Auditing, Security, System administrator, Systems administration

Hello, I am auditing a client and would like to understand if there is any risk with the following scenario. We are auditing the periodic review of system privileges for a payroll/HR system.

The review is only done by one individual. This individual is the system owner and the system administrator. I am trying to understand if there is any potential SoD risk here with this review.

The potential risk that I can think of is that this user could create fictitious accounts and use those accounts to process fraudulent payroll activity. Since this user has access to set up new accounts or make unauthorized access changes, should the review also be performed by another user who is not a system administrator? I would appreciate any insights on this. Thank you.

Answer Wiki


There is definitely a risk.

Any activity that needs to be reviewed should be reviewed by someone else in addition to the person that performs such activity.
