IT Application Audit | Access Management and Database security

Client Needs & Objectives

Our client, one of the leading financial cooperatives in North America, mandated us to perform an audit of their access management and database security for check and cash clearing applications.

The objective of the IT audit was to:

  • Evaluate the systems and processes in place that related to authentication, access management and database security.
  • Define and assess risks and controls related  to a company’s information assets.
  • Ensure processes are in compliance with IT-specific regulation, internal policies and standards, and industry best practices.

Our Approach

  • Developed a comprehensive Risk and Control Matrix and evaluated the identified risks based on COSO risk framework
  • Gathered relevant sources of information to conduct design and efficiency testing of existing controls: departmental policies, standards and prior audit workpapers
  • Created design and effectiveness tests for each control
  • Conducted interviews with process users and owners to obtain an understanding and walkthrough the key processes.
  • Assessed the residual risk levels of inadequately designed or executed controls
  • Communicated findings with key stakeholders and management and accompanied them to set action plans for remediation of ineffective controls
  • Delivered a report including control and testing documentation, as well as the action plans agreed upon by the accountable parties

Main Deliverables

Download

Client Benefits & Main Results

Independent review and understanding of the risk environment related to our client compensation applications

Development of a Risk and Control Matrix for the audited processes

Assurance on the design and effectiveness of access management and database security for the audited applications

Results of the audit helped bank to proactively address any residual risks relating to the inadequate design or the ineffectiveness of the controls