on 04-07-2014 6:58 AM
Hello All,
Can anyone let me know what auditors check when they audit GRC 10.0 Access Request Management (excluding configuration)?
Thanks
Mohammed Wasim
Hi,
ARM supports key ITGC controls for user access management, so the audit would probably also cover:
- review of updated processes & controls
- check (based on sample) if all requests were properly approved
- review of correctness of approvers assignment
- verification if what was requested was provisioned
- timely removal of terminated access
- review of SoD controls embedded in process
- periodic review of user access
and maybe some more controls. In most cases it will be sample-based testing, so auditors may ask for a sample of requests to trace them to back-end systems and, in the opposite direction, a sample of changes in users' privileges to verify that proper requests were prepared for those changes...
Sometimes they could perform more tests on configuration and process, but this is up to the particular auditor.
Best regards, Andrzej
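
The two-way sample tracing and the termination check listed in the answer above can be rehearsed before the audit; this is an added example, not part of the original thread. All field names, role names, dates and the 5-day removal window are constructed assumptions, not GRC export columns or an audit standard.

```python
from datetime import date

# Constructed sample data; all field names and values are hypothetical.
REQUESTS = [
    {"id": "REQ-1", "user": "ALICE", "role": "Z_AP_CLERK", "approver": "MGR1"},
    {"id": "REQ-2", "user": "BOB", "role": "Z_GL_POST", "approver": None},
    {"id": "REQ-3", "user": "CAROL", "role": "Z_HR_VIEW", "approver": "MGR3"},
]
BACKEND_CHANGES = [  # role assignments found in the back-end system
    {"user": "ALICE", "role": "Z_AP_CLERK"},
    {"user": "BOB", "role": "Z_GL_POST"},
    {"user": "DAVE", "role": "Z_BASIS_ADM"},
]
TERMINATIONS = [  # (user, last working day, date access was removed or None)
    ("ERIN", date(2014, 3, 3), date(2014, 3, 4)),
    ("FRANK", date(2014, 3, 10), date(2014, 3, 28)),
    ("GINA", date(2014, 3, 17), None),
]


def trace_requests_to_backend(requests, changes):
    """Forward test: each request is approved and what was requested exists."""
    provisioned = {(c["user"], c["role"]) for c in changes}
    findings = []
    for r in requests:
        key = (r["user"], r["role"])
        if r["approver"] is None and key in provisioned:
            findings.append((r["id"], "provisioned without approval"))
        elif r["approver"] is not None and key not in provisioned:
            findings.append((r["id"], "approved but not provisioned"))
    return findings


def trace_backend_to_requests(requests, changes):
    """Reverse test: each back-end change has a request behind it."""
    requested = {(r["user"], r["role"]) for r in requests}
    return [(c["user"], c["role"]) for c in changes
            if (c["user"], c["role"]) not in requested]


def late_removals(terminations, as_of, max_days=5):
    """Terminated users whose access outlived the allowed window (assumed 5 days)."""
    late = []
    for user, last_day, removed in terminations:
        days = ((removed or as_of) - last_day).days  # still active: count to as_of
        if days > max_days:
            late.append((user, days))
    return late
```
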