An area where IDEA has been used with particular success is in conducting security audits. Normally on a security audit, the various controls over access are evaluated, the types of journals and logs that are kept are considered, and the way the system is administered and monitored is assessed. To complement these theoretical evaluations, a much more substantive approach to checking security can be conducted using IDEA. In overview, system-level commands are used to create files containing data such as systems logs, access permissions, and folder structures. These files are then imported into IDEA. Various tests can then be carried out to determine if security is adequate.
Access Rights
Identify accounts with:
Passwords not set or not required for access
Passwords that are less than the recommended number of characters
Access to key directories
Supervisor status
Equivalence to users with high level access
Identify accounts that have not been used in the last six months
Identify group memberships
Age password changes
File List Analysis
Identify duplicate names
Identify old files
Analyze files by folder
Analyze file sizes by owner
Identify last access dates for old files
Analyze databases and files by file name extension
Identify all files without an owner (i.e., where user accounts have been removed from the system)
Test for .COM, .EXE or .BAT files in areas where there should not be programs
System Logs
Generate a list of accesses outside standard office hours.
Generate a list of accesses while users are on holiday/sick leave.
Identify users, particularly those with supervisory rights, who are logged in for long periods of time.
Perform analysis by user – identify those with higher use than might reasonably be expected.
Summarize by network address to identify:
All users with their normal PCs.
All PCs with their normal users.
Users on unusual PCs.
Summarize charges by user to determine resource utilization.
Analyze utilization by period (i.e., daily, weekly, monthly) to show historical trends
Mar 21
What if you could replace two weeks of work each month with a 3-minute process that actually delivered more consistent results? Our Solutions Development team w...
Aug 18
Carolyn Newman, CPA, CISA
Client retention remains at the top of the priorities list for CPAs, and fee pressures can be alleviated when a firm adopts data an...
Nov 15
Ottawa, Canada, December 4, 2017 – CaseWare Analytics, the developer of data analysis software for auditors, accountants and other finance professionals, ...