Dear Brian

Being both an auditor and a records manager, I commend you on addressing 
this issue.  Auditors generally have an audit schedule and a forecasted 
audit duration before each audit begins.  Working with the head of your 
management staff of Internal Audit (or your outside audit service provider) 
should provide you with a schedule of audits delineating which systems 
require access by the auditors.  Each auditor should use whatever means to 
officially "request" temporary access to the system in question and define 
the duration of the access.  If findings indicate prolonged access, then the 
auditor should be required to submit a request for extension of access 
privileges.  Auditors should NEVER be permitted to have any rights 
whatsoever that allow them to add, change, or delete information.  However, 
they almost always need rights to download a sample of information to their 
audit tools or view information in its native application.

Warmest regards,

Angela Fares

T-L 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]