Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, and security and controls in SAP R/3, Oracle Applications, J.D. Edwards, PeopleSoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes Oxley, Basel II and so on. Big4Guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on the posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: Access to Sensitive Transactions Data - How Access to Sensitive Transactions Affects Sarbanes Oxley Compliance

03/19/06

Permalink 09:26:25 pm, Categories: Sarbanes Oxley, 230 words   English (US)


Information technology has today become the backbone of all enterprises. Most big businesses have software, an ERP, or other applications which support the achievement of business objectives. As part of Sarbanes Oxley and Section 404, management needs to have comfort over the controls working within and around such applications. One important set of controls is the access controls relating to such applications. One pertinent question here would be "Who has access to sensitive transactions or data?".

So how does management approach the situation? A process should be in place to periodically review how, by whom and how frequently sensitive transactions were accessed. Ideally, it is the application and data owners who should undertake these reviews, at a frequency based on the sensitivity and criticality of the transactions. The entire purpose of such a review is to ensure that only individuals with a real business need are authorized to execute critical and sensitive transactions. Such a review would normally reveal situations where improper access has been given. Such exceptions should be handled by removing the access from the personnel who hold it without authorization. As a best practice, users' access to sensitive transactions, as well as to IT systems in general, should be in line with their job roles.
