Auditing and Risk Management: Eight Questions to Ask the Chief Auditing Executive

Auditing and Risk Management: Eight Questions to Ask the Chief Auditing Executive

How can the CEO and CFO be assured of the integrity of the information they must attest to for SOX, for example, and that the corporation is keeping accurate and complete records? Board members and executives should be asking the chief audit executive (CAE) the following questions:

Let’s see – record every record accessed by every “person”. A simple table scan of the subsidiary ledger for a SUM(YTD_ACTUAL) will generate 200,000 access records. If I do it 10 times in a day (refine the report) I generate 2 million access records. Mutlply that by 100 users.

I’m not sure that the statement (question)
“Capture data access, automatically tracking whenever data is modified or viewed by any means;” is every fully-considered from the unit record level reality.

Clearly one cannot track access to every record by every “user” since access to the tracking records is recursive and will immediately melt down the process.