CISA: Controls
Auditing adds several extra controls such as:
Compensating Controls
- Compensating controls are used to mitigate risk when proper controls are not feasible or practical.
- Verifying that only approved program changes are implemented.
- In a small organization, it may not be feasible to hire new staff, which is why a compensating control may be necessary.
- Verifying program changes has roughly the same effect as intended by full segregation of duties.
- Duties performed by the DBA should exclude deleting database activity logs.
- Because database activity logs record activities performed by the database administrator (DBA), deleting them should be performed by an individual other than the DBA. This is a Compensating Control to aid in ensuring an appropriate segregation of duties and is associated with the DBA’s role.