Page 58 - Auditing Electronic System
System security depends mainly on operating systems, the network, and proper database management.
Auditor role:
Use audit procedures to verify the accurate structure of:
1) IT function
2) operating systems
3) network
4) proper database management:
❑ Obtain and review security policy
❑ Verify policy is communicated
❑ Review relevant documentation (org. chart, mission statement, key job descriptions) to determine if individuals are performing incompatible tasks.
❑ Review systems documentation and maintenance records (using a sample of applications)
❑ Verify that maintenance programmers are not also the original design programmers
❑ Observe segregation policies in practice
❑ Review the operations room access log to determine whether programmers enter the facility for reasons other than system failures
❑ Review user rights and privileges
❑ Review physical controls over computer centers
❑ Review the disaster recovery plan employed
❑ Test activation of authorization and authentication controls
o All users are required to have passwords
o Password instructions for new users
o Passwords changed regularly
o Review the password file to determine that weak passwords are identified and disallowed
o Verify that the password file is encrypted and that the encryption key is properly secured
o Password standards
o Account lockout policies: the auditor should determine how many failed logon attempts are allowed before the account is locked
❑ Test audit trail controls (verify existence of transaction log; review sample of transactions); review or verify…
1. Audit trails have been activated in accordance with the organization's policy.
2. Archived log files to search for
▪ unauthorized or terminated users
▪ periods of inactivity
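The archived-log review in item 2 can be scripted. The following is an added example, not part of the original page: the log format, user names, roster, termination date and the 24-hour inactivity threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data for illustration; none of it comes from the page.
ACTIVE_USERS = {"asmith", "bjones"}            # current authorized roster
TERMINATED = {"cdoe": datetime(2024, 3, 1)}    # user -> termination date
ARCHIVED_LOG = """\
2024-03-04 08:02:11 asmith LOGIN
2024-03-04 08:15:40 bjones POST_TXN
2024-03-04 09:01:05 cdoe LOGIN
2024-03-04 09:30:00 zeta POST_TXN
###garbled###
2024-03-04 17:45:00 asmith LOGOUT
2024-03-06 08:05:00 bjones LOGIN
"""

def parse_log(text):
    """Return (events, bad_lines); events are (timestamp, user, action), time-sorted."""
    events, bad = [], []
    for line in text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            events.append((ts, parts[2], parts[3]))
        except (ValueError, IndexError):
            bad.append(line)  # keep unparseable entries as audit exceptions
    return sorted(events), bad

def user_exceptions(events, active, terminated):
    """Flag activity by terminated users (on/after termination) or unknown users."""
    found = []
    for ts, user, _action in events:
        if user in terminated and ts >= terminated[user]:
            found.append((ts, user, "terminated"))
        elif user not in active and user not in terminated:
            found.append((ts, user, "unauthorized"))
    return found

def inactivity_periods(events, max_gap):
    """Return (start, end) pairs where the log is silent for longer than max_gap."""
    times = [ts for ts, _, _ in events]
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_gap]

if __name__ == "__main__":
    events, bad = parse_log(ARCHIVED_LOG)
    for ts, user, reason in user_exceptions(events, ACTIVE_USERS, TERMINATED):
        print(f"{ts}  {user:8} {reason}")
    for start, end in inactivity_periods(events, timedelta(hours=24)):
        print(f"no entries between {start} and {end}")
    print(f"{len(bad)} unparseable line(s) to follow up")
```

A silent period is only a lead: the auditor still has to establish whether logging was switched off, the system was idle, or entries were removed.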
All rights reserved. Infringing the author's rights by copying or printing exposes the offender to legal liability.