Subject: | |
From: | |
Reply To: | |
Date: | Tue, 30 Apr 2013 18:39:09 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Dear Brian
Being both an auditor and a records manager, I commend you on addressing
this issue. Auditors generally have an audit schedule and a forecasted
audit duration before each audit begins. Working with the head of your
management staff of Internal Audit (or your outside audit service provider)
should provide you with a schedule of audits delineating which systems
require access by the auditors. Each auditor should use whatever means to
officially "request" temporary access to the system in question and define
the duration of the access. If findings indicate prolonged access, then the
auditor should be required to submit a request for extension of access
privileges. Auditors should NEVER be permitted to have any rights
whatsoever that allow them to add, change, or delete information. However,
they almost always need rights to download a sample of information to their
audit tools or view information in its native application.
Warmest regards,
Angela Fares
T-L
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
|
|