BAI03.05 Build Solutions

Ensure that business controls are properly translated into application controls such that processing is accurate, complete, timely, authorized, and audit-able. Issues to consider include authorization mechanisms, information integrity, access control, backup, and design of audit trails.

Illustrative Controls and the TIBCO LogLogic Solution

Managing problems and incidents addresses how an organization identifies, documents and responds to events that fall outside of normal operations. You must maintain a complete and accurate audit trail for network devices, servers, and applications. This enables you to address how your business identifies root causes of issues that can introduce inaccuracy in financial reporting. Also, your problem management system must provide adequate audit trail facilities which allow tracing from incident to underlying cause.

To satisfy this control objective, administrators must ensure all financial reporting related network devices, servers, and applications are properly configured to log to a centralized server. Administrators must also periodically review logging status to ensure these devices, servers, and applications are logging correctly.

Verify that all critical applications and network devices are providing a complete audit trail in the form of log data by reviewing the log source status page.

Reports and Filter Bloks

Use the following link or reference to see the control objective BAI03.05 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.