Big4Guy

Confessions, Thoughts, Observations and Musings of a Big4Guy

Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: Internal Controls Over User Access Sarbanes Oxley

05/21/07

Permalink 04:22:28 am, Categories: Sarbanes Oxley, 196 words   English (US)

Internal Controls Over User Access Sarbanes Oxley

User access represents one of the biggest risk areas for Sarbanes Oxley compliance. Access to users who no longer work for the company should be removed in a timely manner. In most organizations, an users' access is terminated by the IT department when a terminated employees report is received from the HR department. As a result, there can be a significant delay in employee termination and user access rights removal.

Also, in most companies, access is removed only partially. In case user has access to multiple systems, access needs to be removed from all systems. Modern day methods like identity management though costly can significantly reduce the risk of unauthorized access to systems. The best possible way of controlling user access is to put a process in place, so that user termination is notified by the HR department to the IT department to ensure removal of access immediately. Excess user access can be a major control lacuna as far as Sarbanes Oxley compliance is concerned. It is up to companies to take action and control user access.

Related Posts

Spreadsheets and Sarbanes Oxley Compliance
Evaluating Disclosure Controls
Whistleblower Hotlines for Sarbanes Oxley
What is Basel II?

Permalink Leave a comment

Comments:

No Comments for this post yet...

Official Websites

Categories


Archives

  • SAP GRC Virsa Rule Sets Updates
  • SAP MM Requirements for Setting up Plant
  • Lessons Learned Log for ASAP Implementation
  • SAP Solution Configuration Realization Phase
  • SAP MDM Master Data Import Manager Loading Data into SAP MDM
  • Compliance Calibrator SOD Conflicts Remediation Strategy
  • SAP Workload Analysis Monitor Tools ST03N
  • SAP BW Data Staging Basics Tutorial
  • How to Implement BW Infoobject Level Security
  • SAP BW Admnistrator Authorizations S_RS_ADMWB
  • BIW Reporting Auth Objects S_RS_COMP
  • SAP BW Security Authorization Objects for SAP BW
  • more...

    • Search

    Google

    Web Big4Guy.com

    September 2008
    Mon Tue Wed Thu Fri Sat Sun
    <<  <   >  >>
    1 2 3 4 5 6 7
    8 9 10 11 12 13 14
    15 16 17 18 19 20 21
    22 23 24 25 26 27 28
    29 30          

    Misc

    Syndicate this blog XML

    What is RSS?