AI2.3 Application Control and Auditability
Ensure that business controls are properly translated into application controls such that processing is accurate, complete, timely, authorized, and auditable. Issues to consider include authorization mechanisms, information integrity, access control, backup and design of audit trails.
Illustrative Controls and the TIBCO LogLogic Solution
Managing problems and incidents addresses how an organization identifies, documents and responds to events that fall outside of normal operations. You must maintain a complete and accurate audit trail for network devices, servers and applications. This enables you to address how your business identifies root causes of issues that can introduce inaccuracy in financial reporting. Also, your problem management system must provide for adequate audit trail facilities which allow tracing from incident to underlying cause.
To satisfy this control objective, administrators must ensure all financial reporting related network devices, servers, and applications are properly configured to log to a centralized server. Administrators must also periodically review logging status to ensure these devices, servers and applications are logging correctly.
Verify that all critical applications and network devices are providing a complete audit trail in the form of log data by reviewing the log source status page.