4552 S4 Fall 2010

Uritycontrols2005agr 1userprofilesaccessrightsand

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: he following areas (Source: 2005 February Status Report of the Auditor General of Canada; Ch. 8 – Managing Government: Financial Information, App. B, from: ): http://www.oag­bvg.gc.ca/internet/English/att_20050208ab_e_13979.html Electronic security controls Monitoring controls Application control issues 13 Common internal control weaknesses: Common internal control weaknesses: Electronic security controls (2005 AGR) (1) User profiles (access rights and privileges) provided for incompatible functions and broad access to systems (2) “Super user accounts” were not controlled (3) Use of generic (or common) user IDs were prevalent (4) Key security parameters (such as tables that identify access rights or report structure) were not effectively controlled 14 Impact on Business and on the Audit Impact on of security weaknesses (2005 AGR) Unauthorized access to data or programs could occur Accidental or intentional changes to data or destruction of information could occur Incorrect reports could be prepared Auditor cannot rely on segregation of duties or quality of information 15 Common internal control weaknesses: Common internal control weaknesses: Monitoring/supervision controls (2...
View Full Document

This document was uploaded on 02/15/2014.

Ask a homework question - tutors are online