Today, we conducted our final fieldwork at a company in Johor Bahru. Upon reviewing the information request list with the person in charge, I observed that in the previous year's audit working paper, it was stated that the company practiced user access matrix review. However, the person in charge informed me that they did not practice it in the current year. Upon further inquiry with the company's internal auditor, he provided me with the relevant documentation and confirmed that he had conducted the user access matrix review.
During our server room sighting, we identified several weaknesses such as an unlocked door, absence of CCTV, no fire extinguisher, and a water sprinkler installed in the server room. Another audit finding was that finance personnel held the admin ID for the SAP system without any review of the audit trail. We discussed these findings with the client, and they asked us how to perform the audit trail review. My manager recommended a script that could generate an audit trail from the system.
Main things that I have learnt:
To understand the risk of having a water sprinkler in a server room
To understand that there is a script to run in the SAP system to generate an audit trail
Comment/idea/opinion
N/A