IT segregation of duties, auditing applications & results.
Not what you're looking for?
I need some help in addressing the question below. Thank you.
1. IT Segregation of Duties:
The IT Audit Director identifies an issue related to IT segregation of duties - several developers have access to production for support reasons. The VP of Application Development has stated that this access is needed to support the system and to address emergency change requests. Part 1: Explain the risks associated with this access. Part 2: Develop a recommendation that helps the VP of Application Development more effectively manage the risks you identified in Part 1.
2. Auditing Application Development:
Developer: "I can't believe how many approvals I have to obtain for a simple change to the application. This is ridiculous, I have better things to do with my time."
Explain how the IT auditor can assist management in terms of designing a more efficient and effective change management process.
3. Communicating Audit Results:
You are conducting an IT audit of your company's change management process. You are reviewing several recent changes and determine that the changes do not comply with your company's change management policies. Develop an audit recommendation that may help your company address the root cause and ultimately lead to sustainable policy compliance over time.
Purchase this Solution
Solution Summary
The solution discusses IT segregation of duties, auditing application development, and communicating audit results.
Solution Preview
Here are my thoughts to help get you started:
1. There are always risks based on the number of developers that have access to production, even if it is for support reasons. The main issue is that it lowers the level of internal control over information system functions. The access should be limited and should not include multiple people having access to address emergency change requests. If emergency change requests are that frequent, there are other issues that need to be addressed. The main reason in maintaining effective controls is to prevent risks associated with the theft of company proprietary data, and also to prevent the theft of customer and/or employee information from the system. In order to manage the risks identified, the VP of Application Development should determine who actually needs access to production. Developers are typically never given access to production. It is limited to the manager of IT and to any IT department head who is not a ...
Purchase this Solution
Free BrainMass Quizzes
Balance Sheet
The Fundamental Classified Balance Sheet. What to know to make it easy.
Situational Leadership
This quiz will help you better understand Situational Leadership and its theories.
Accounting: Statement of Cash flows
This quiz tests your knowledge of the components of the statements of cash flows and the methods used to determine cash flows.
Transformational Leadership
This quiz covers the topic of transformational leadership. Specifically, this quiz covers the theories proposed by James MacGregor Burns and Bernard Bass. Students familiar with transformational leadership should easily be able to answer the questions detailed below.
Organizational Behavior (OB)
The organizational behavior (OB) quiz will help you better understand organizational behavior through the lens of managers including workforce diversity.