I am performing an internal audit on a Windows security monitoring process. The client performs a periodic review of Windows domain administrators to detect if there was any unauthorized access. For one of the reviews, we found out the individual was reviewing her own activity. My first thought is that this could be an SoD conflict.
I am trying to understand the audit risk with this process. There are no financial systems in scope that sit on Windows OS except for ADP, which is managed by a third-party vendor. Is there any financial audit risk with this? If the domain admin did attempt to log in to Windows, would there be any impact to the financial systems, or is this just a security risk with Windows only? Appreciate any insights on this. Thanks. John.