Ask the Expert - with Matthew Zito

Q: Dear Matt, shouldn't our internal auditors tell us how to audit our databases?

A: Your internal auditors are there to provide management with an assessment of your effectiveness at maintaining internal controls and compliance with laws and regulations; however, it's really up to IT to determine the specifics of policies, standards and controls, as well as create the specific mechanisms of documenting and showing proof of compliance. Auditors defer to management on how to take action on exposed weaknesses or violations, and they do not make recommendations on how to fix problems or how to audit your databases in the first place.

Your internal auditors can give you guidance on:

  1. Security auditing
  2. Activity auditing
  3. Federal, state, and other industry regulations with which you must comply, such as Sarbanes-Oxley, HIPAA, GLBA, SB 1386, and FISMA

You are responsible for:

  1. The implementation of control measures
  2. The capture and maintenance of records for all aspects of database information
  3. Review and refinement of the process on a continuous basis

To help you in this endeavor, GridApp offers Clarity Auditing.
