Group1 - IT Access Management

This document summarizes controls and tests for user access management. It outlines: 1) How access is granted based on approved requests and job roles. Risks include unauthorized access to information. 2) Unique user IDs are assigned with no shared accounts. Access changes require approval and reevaluation of roles. 3) Procedures for removing access of terminated or resigned employees are followed. Monitoring ensures only relevant access is maintained.
Columns: Type of Employees | Process/Control | Risk | Test of Design | Test of Operating Effectiveness | Supporting Documents

Type of Employees: New hires and transfers

Process/Control: Users are granted access rights on the basis of an approved request, limited only to the access required to carry out their job responsibilities.
Risk:
1. Confidential/proprietary information may be disclosed to unauthorized persons.
2. Integrity of data, applications, and other IT resources may be impaired.
Test of Design:
1. Inquire of IT management how access is granted.
2. Confirm who approved the access granted.
3. Confirm who reviewed the access granted before approval, if there is any.
Test of Operating Effectiveness:
1. Obtain the list of new hires and transfers.
2. Verify if the requirements are met to grant access.
3. Vouch the documents to verify who approved and reviewed the supporting documents.
4. Randomly select new hires and transfers and verify that their access is in accordance with the policy.
Supporting Documents:
1. Job description from HR to countercheck with the policy for granting access.
2. Access request form containing signatories for request, approval and verification.

Process/Control: A unique user ID is assigned to each user. No group IDs exist that are shared by multiple users.
Risk: Risk for accountability and responsibility.
Test of Design:
1. Inquire about the process for creating and giving user IDs to the respective personnel.
Test of Operating Effectiveness:
1. Obtain the list of sample user IDs and verify whether there are duplicates.
Supporting Documents:
1. List of sample user IDs for verification.

Process/Control: Changes to users' access should be approved and their role re-evaluated to prevent "role creep", which is caused by incremental additions to access over time.
Risk:
1. Risk for segregation of duties.
2. Employees may have irrelevant access to unauthorized information.
Test of Design:
1. Confirm if there is monitoring of the access granted.
2. Inquire about the policy for granting additional access.
3. Confirm who monitors the access granted and who approved and reviewed the additional access granted.
Test of Operating Effectiveness:
1. Obtain the list of new hire and transfer employees and verify their role.
2. Evaluate the job specification of employees and check whether their access to IT is relevant for the satisfaction of their job.
Supporting Documents:
1. List of newly hired employees with their corresponding role from HR, to countercheck with their existing access level.
2. Policy for granting additional access, for verification with the result of the test of operating effectiveness.

Type of Employees: Terminations and Resignations

Process/Control: Access rights should be promptly disabled and/or removed once users leave the company.
Risk: Terminated and resigned employees might continue to have access to unauthorized information.
Test of Design:
1. Confirm the policy and procedure for removing the access of resigned and terminated employees.
2. Confirm who authorized and removed the access for the resigned and terminated employees.
Test of Operating Effectiveness:
1. Obtain from HR the list of resigned employees and the effective date of each resignation.
2. Verify whether the resigned employees can no longer access the system.
Supporting Documents:
1. List of resigned and terminated employees from HR, to verify whether they still have access.
2. List of policies and procedures to corroborate with the result of the test of operating effectiveness.

Process/Control: If there is no or ineffective periodic review, extended testing of terminations and resignations is performed.
Risk: Disclosure of confidential information.
Test of Design:
1. Confirm how frequent the periodic review is and when it is conducted, if there is any.
2. Confirm how management monitors who has access to the system.
3. Confirm who performed the extended testing of terminations and resignations and how it is conducted.
4. Confirm how management resolves the issues found in the extended testing.
Test of Operating Effectiveness:
1. Obtain from IT the list of personnel who have access to the system.
2. Verify if all the personnel in the list are currently employed.
3. Observe how the extended testing is performed if there is no or ineffective periodic review.
4. Verify who conducted the review and/or extended testing.
5. Verify that the process for resolving the issues found in the extended testing is in accordance with the policy and procedure.
Supporting Documents:
1. List of existing employees and currently retired/terminated employees from the HR Department, to countercheck against the list of personnel who have access from IT.
2. Standard Operating Manual for verification of issues found during periodic review.
3. Document of periodic review.
4. Document of resolving issues on periodic review, if any.
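
One way to run the unique-ID, terminations and periodic-review tests above on exported lists, as an added example that is not part of the original document: it compares an HR roster with an IT account list and flags enabled accounts of separated employees, accounts with no HR owner, and duplicate user IDs. The CSV column names and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample exports (not real data); column names are assumptions.
HR_CSV = """employee_id,name,status,effective_date
E001,A. Cruz,active,
E002,B. Reyes,resigned,2024-03-15
E003,C. Santos,terminated,2024-04-01
E004,D. Lopez,active,
"""
IT_CSV = """user_id,employee_id,enabled,last_login
acruz,E001,true,2024-05-02
breyes,E002,true,2024-04-20
csantos,E003,false,2024-03-30
dlopez,E004,true,2024-05-01
dlopez,E001,true,2024-05-03
frontdesk,,true,2024-05-04
"""

def reconcile(hr_csv, it_csv):
    """Return sorted (user_id, finding) pairs for the auditor to follow up."""
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    accounts = list(csv.DictReader(io.StringIO(it_csv)))
    id_counts = Counter(a["user_id"] for a in accounts)
    findings = set()
    for a in accounts:
        uid, emp = a["user_id"], hr.get(a["employee_id"])
        if id_counts[uid] > 1:            # unique-ID control: same ID listed twice
            findings.add((uid, "duplicate user ID"))
        if emp is None:                   # no owner in HR: possible group/shared ID
            findings.add((uid, "no matching HR record"))
        elif emp["status"] != "active" and a["enabled"] == "true":
            left = date.fromisoformat(emp["effective_date"])
            # A login after the effective date means the access was actually used.
            late = bool(a["last_login"]) and date.fromisoformat(a["last_login"]) > left
            findings.add((uid, "enabled after separation; used since" if late
                          else "enabled after separation"))
    return sorted(findings)

if __name__ == "__main__":
    for uid, finding in reconcile(HR_CSV, IT_CSV):
        print(f"{uid}: {finding}")
```

Each finding is a lead to vouch against the access request forms and removal records listed under Supporting Documents, not a conclusion on its own.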

GROUP 1:
Asino, Raven
Benoya, Agatha Eunice
Bernaldez, Jerico
Isidoro, Nica
Lim, Aaron James
Manliclic, Eloizza
Rabino, Angie
Solimanan, Alped
