APO01.02 Communicate Management Objectives, Direction, and Decisions Made
Implement a division of roles and responsibilities that reduces the possibility of a single individual subverting a critical process. Management also ensures that personnel perform only authorized duties relevant to their respective jobs and positions.
Illustrative Controls and the TIBCO LogLogic Solution
Organizations must confirm that there is appropriate segregation of duties between the staff responsible for moving a program into production and the staff responsible for developing a program. In addition, organizations must consider whether or not a change to a program is performed in a segregated and controlled environment.
To satisfy this control objective, administrators must ensure that logins to financial reporting servers and the permissions assigned to these users are appropriate for the tasks they are allowed to perform. Users with overlapping permission sets can indicate a breakdown in segregation of duties. Administrators must also review the process for requesting and granting access to systems and data and confirm that the same person does not perform both functions.
Demonstrate that only authorized users have access to sensitive data and applications.
Reports and Filter Bloks
Use the following link or reference to see the control objective APO01.02 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.