1 / 13

Oracle DBMS Audit Findings

Oracle DBMS Audit Findings. Heiang Cheung || M. Sarush Faruqi || James Foggie || Nathan Van Cleave MIS 5201 - IT Audit Process - Professor Yao. F.E.I. Internal Audit Group Oracle DBA Management Team Audit Period: February 26, 2018 - April 9, 2018. Agenda. Executive Summary

katherineh
Download Presentation

Oracle DBMS Audit Findings

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Oracle DBMS Audit Findings Heiang Cheung || M. Sarush Faruqi || James Foggie || Nathan Van Cleave MIS 5201 - IT Audit Process - Professor Yao F.E.I. Internal Audit Group Oracle DBA Management Team Audit Period: February 26, 2018 - April 9, 2018

  2. Agenda • Executive Summary • Audit Scope • Good Practices • Audit Findings • Appendices

  3. Satisfactory Executive Summary Needs Improvement Needs Improvement Overall Audit Opinion Key Message Key Message The DBA team is experienced and the management team works in a collaborative manner. While the internal control framework has been established, audit identified four findings during the review. These findings are related to the Access and Service Management Sub-Risk areas and reflect gaps in a maturing control framework. With two major and two minor findings, audit recognizes the Overall Audit Opinion as Needs Improvement. Audit Context Management disclosed during planning that the DBA Support group had recently completed a organizational transformation and key resources had not been retained. This has caused staffing and retention issues. A post-implementation audit was conducted 18 months ago and 2 minor findings related to Password Management and Programme Governance were raised. Urgent Action Findings Audit Context • Minor • Major

  4. Thank You

  5. Scope

  6. Management Good Practices

  7. Findings Index *See Appendix I for Classification Definitions

  8. Finding 1 – Inappropriate Privileged Access

  9. Finding 2 - Gaps in Password Management

  10. Finding 3 – Lack of Segregation of Duties

  11. Finding 4 – Inadequate Backup Processes

  12. Next Steps • Findings Agreement • Corrective Actions & Owners Assigned • Final Report Issuance • 6 Month Check-in

  13. Appendix I

More Related