Skip to content
BOL Conferences
Thread Options
#322120 - 02/25/05 02:48 PM Level of auditors' access to bank systems & data
Joe G. Offline
New Poster
Joined: Jan 2005
Posts: 8
New Jersey
Being a subsidiary of a larger insurance company, the bank I work for relies on the Internal Audit department of the insurance company to provide internal audit services for us.

Recently, IA approached the bank to inquire about having a terminal configured in their work area through which 3 to 5 members of their audit staff could gain access to bank applications and data.

There are obvious risks and rewards to providing that level of access to Internal Audit, and I've discussed and worked through those with our bank president. The only obstacle that seems to remain is what degree of access do we grant the auditors? Obviously we here at the bank would prefer to limit their access on a business need-to-know basis (i.e., grant access to specific applications and data for a specific period of time, in conjunction with IA's performance of audits in support of their annual audit plan). Yet, the auditors would prefer 24x7 access to bank applications and data.

Is anyone out there willing to discuss how this is handled at their institution so as to form a "best practices" opinion to discuss with my president and IA?

Much appreciated. Thanks.

Return to Top
Audit
#322121 - 02/25/05 03:26 PM Re: Level of auditors' access to bank systems & data
Retired DQ Offline
10K Club
Retired DQ
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
Hi Joe,

Opinion only… From where I sit, I believe that internal audit should have absolute access to everything barring transactional authority and GL authority. If they cannot access everything they need, I cannot see how they can perform testing of the operational controls and the testing of procedures.

In our shop, the IA dept has terminals linked to the network, they also have access to the reports systems. They do not have any transactional ability and they cannot sign checks or transfer funds via GL.

The internal audit function is becoming increasingly important with the SOX requirements recently imposed. They need to prove that internal controls are in place and adhered to. They are God.

I hope this gives you another point of view. (sound familiar, Joe?)
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain

Return to Top
#322122 - 02/25/05 04:05 PM Re: Level of auditors' access to bank systems & data
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,219
Galveston, TX
I agree with DQ - no transactional authority but unlimited access to systems and data inquiry.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#322123 - 02/25/05 04:17 PM Re: Level of auditors' access to bank systems & data
happyauditor Offline
Platinum Poster
happyauditor
Joined: Nov 2004
Posts: 812
NY
My opinion as an auditor, inquiry only access to all data, preferably 24/7. Having this access at all times allows the auditors to take a look at items for status or to ensure no major changes have occurred at times when a formal audit is not being conducted. No transactional capabilities for obvious reasons. In the event the data is considered sensitive (such as HR data), consider granting access to higher level auditors, for example, supervisory audit staff.
_________________________
* My opinion is not necessarily that of my employer.

Return to Top
#322124 - 02/25/05 06:47 PM Re: Level of auditors' access to bank systems & data
Joe G. Offline
New Poster
Joined: Jan 2005
Posts: 8
New Jersey
DQ, RL and Happy....Thank you all for your valued opinions and perspectives on the topic.

Return to Top
#322125 - 02/26/05 05:44 PM Re: Level of auditors' access to bank systems & data
Anonymous
Unregistered

Auditor's should have inquiry access only 24/7

Return to Top

Moderator:  Andy_Z