IT Governance, Risk, and Compliance

Mar 23 2012   8:03PM GMT

Irregularities and Illegal Acts Agreed-Upon Procedures Assessments – Part V

Robert Davis

Effective policy, procedure, or directive compliance requires an extensive set of interrelated practices as well as processes. However, organizational policies, procedures, and directives may not incorporate controls or may reflect inadequate controls. Furthermore, organizational policies, procedures, and directives may be inaccurate, incomplete, or outdated. Conversely, regarding adequate controls, GCC organizational policies, procedures and directives should include computer security measures. Specifically, at a minimum, one organizational GCC policy and procedure should address unauthorized computer usage and requesting computer access.

Through key operations GCC, Segregation-of-Functions (SOF) and Segregation-of-Duties (SOD) support policies, procedures, directives, and an organizational structure established to inhibit one individual from conducting unauthorized actions or gaining unauthorized access to assets or records. Assessing control existence and adequacy for an audit area are primary IT auditor responsibilities. Therefore, an IT auditor should study and evaluate policies, procedures, directives, SOF, and SOD controls as well as protection-of-information-assets to demonstrate due diligence regarding irregular and illegal act risks.

View Part I of the Irregularities and Illegal Acts Agreed-Upon Procedures Assessments series here
