IT Audit Automation

Presented by:
Brandon McAndrew
Jordan Schafer
Keith Edwards
IT Audit Automation
• Overview of scripting languages
• Demonstrations
Script Language
• A type of programming language
• Interpreted at run time rather than compiled, and used to automate the execution of tasks
Script Language
Examples
1. Bash – UNIX or UNIX-like operating systems
2. Visual Basic – Microsoft Office applications
3. ACLScript – Audit Command Language (ACL) Analytics
Script Language
When to use scripts?
1. If repetitive tasks need to be completed
2. If a large number of sample items need to be reviewed
3. If similar reviews will be conducted in the future
Script Language
Items to consider before writing a script
1. What do you need the script to do?
2. What criteria will be used for the tests?
3. How will the source data be obtained?
Script Language
You don't always need a formal programming background to write and use scripts!
Script Language
Web searches and help files are a great starting place.
Demonstration
Script Language
When not to use scripts?
1. When source data will be provided in an inconsistent format
2. When there is no positive cost benefit
3. When resource limitations become a barrier
Script Language
Risks when using scripts
1. Errors in scripting logic producing improper results
2. Could prompt auditors to jump to faulty conclusions
3. Costs could exceed benefits
Questions and Answers (3 minutes)
Illustration: Oracle
Summary - Oracle Illustration
1. Obtain an understanding
2. Establish criteria
3. Identify tables
4. Request files
5. Design import script
6. Design testing script
7. Design export script
8. Design master script
Handout – “Oracle Example Script”
Obtain An Understanding
• Identify the database and version (query V$VERSION)
Obtain Criteria
• CIS benchmarks
• Policies and procedures
• Where the two differ, determine the most restrictive setting
Identifying Tables
• DBA_USERS
• DBA_ROLE_PRIVS
• DBA_PROFILES
• DBA_TAB_PRIVS
• Initialization parameters (listed on the slide as DBA_Parameters; the Oracle data dictionary exposes these through V$PARAMETER)
• DBA_SYS_PRIVS
Data Gathering
• Request files
• Easiest format
Designing Scripts Step 1 - Formatting
• Perform manually
• Import scripts
• Comments
• Perform reconciliations (e.g., record counts against the file requested)
Designing Scripts Step 2 - Testing
• Add comments
• Define the fields
• Use established criteria to create tests
  • Direct tests
  • Indirect tests
  • Other information (criteria reference)
Defining Fields
Direct Tests
Set the virtual field V_COMPLIANCE to "Not In Compliance" if "Failed Login Attempts" is greater than 5 or set to "Unlimited" and the value is not "DEFAULT" (a limit of DEFAULT inherits the DEFAULT profile's value and is resolved by the indirect test).
Indirect Tests/ Other Information
Step 3 Output & Overview
• Export script
• Perform manually
• Follow up on all items
Master Script
• Create one script that controls all other scripts
  • Identifies which scripts are run
  • Sets overall variables
  • Identifies outputs
Questions and Answers (3 minutes)
Illustration: Statewide UNIX Security Controls
Summary – UNIX Illustration
• Selecting audit criteria and defining tests
  • Visual Basic
• Writing a data gathering script
  • Solaris operating system
• Automating testing in ACL
  • Importing criteria and source files
Background
• UNIX is a multiuser and multitasking operating system
• Various open source and commercial variations
• Automation for data gathering and data analytics
Audit Criteria & Defining Tests
• Selecting audit criteria
• Defining the tests applicable to the operating system
  • Separate criteria and tests per operating system
• Making audit criteria variable
  • Simple and efficient changes
  • Visual Basic
Demonstration
Data Gathering
• Selecting a script language
• Using audit criteria
• Other sources of information
• Testing commands and reviewing results
Demonstration
Data Gathering – Continued
• Commenting and formatting your scripts
• Determine the need for multiple scripts
• Thoroughly test the final scripts
• Ensure auditee cooperation
  • Request that the auditee review the script
• Make scripts simple or complex
  • Ensure uniformity
  • Allow for efficient adjustments
Demonstration
Data Analysis – ACL
• Importing data
  • Audit criteria (Visual Basic)
  • Data gathering results (source files from the server)
• Creating control scripts
  • Dialog boxes for users of the scripts
  • Allow the user to determine which tests are run and which outputs are generated
  • Using variables and adding pertinent information
Demonstration
Testing & Results - ACL
• Testing scripts
  • Base script logic on the audit criteria
  • Thoroughly test
• Results
  • Export the necessary information
  • Manually review results and draw conclusions
  • Perform normal testing procedures on the script outputs
Demonstration
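The following is an added example and is not part of the presentation: the analysis side of the UNIX illustration (the Data Analysis and Testing & Results slides) written in Python instead of ACL. The criteria live in a per-operating-system table, standing in for the variable criteria the deck keeps in Visual Basic; the source file is the concatenated output a data gathering script would bring back from a server; and the control routine takes the set of tests the user selected, standing in for the deck's dialog box. The file contents, the marker-line format of the gathering output, the policy references and the threshold and default values are all constructed for the example; in particular, the Solaris and Linux defaults are assumptions, not values taken from the deck.

```python
import re

# Per-OS criteria (the deck's variable audit criteria).  Each entry: file,
# setting, comparison, threshold, the value the OS applies when the setting is
# absent or commented out (None = the control is simply not enforced), and the
# criteria reference carried into the results.  All values assumed for illustration.
CRITERIA = {
    "solaris": [
        ("/etc/default/login",  "RETRIES",    "<=", 5,  "5",  "Policy 3.1"),
        ("/etc/default/passwd", "PASSLENGTH", ">=", 8,  "6",  "Policy 3.2"),
        ("/etc/default/passwd", "MAXWEEKS",   "<=", 13, None, "Policy 3.3"),
    ],
    "linux": [
        ("/etc/login.defs", "PASS_MAX_DAYS", "<=", 90, "99999", "Policy 3.3"),
        ("/etc/login.defs", "PASS_MIN_LEN",  ">=", 8,  "5",     "Policy 3.2"),
    ],
}

# Constructed output of a data gathering script: it writes a '### <path>'
# marker, then the file's contents, for each file it collects.  Not a real host.
GATHERED_SOLARIS = """### /etc/default/login
CONSOLE=/dev/console
#RETRIES=5
SYSLOG=YES
### /etc/default/passwd
MAXWEEKS=26
MINWEEKS=1
PASSLENGTH=8
"""

# KEY=VALUE (Solaris /etc/default/*) or KEY VALUE (login.defs).
SETTING_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s*=\s*|\s+)(\S+)")


def parse_gathered(text):
    """Import script: split the gathering output into {path: {setting: value}}.
    Commented-out lines are deliberately not treated as settings, because the
    OS then applies its default, which is what the test has to evaluate."""
    files, current = {}, None
    for line in text.splitlines():
        if line.startswith("### "):
            current = line[4:].strip()
            files[current] = {}
            continue
        if current is None or not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SETTING_RE.match(line)
        if m:
            files[current][m.group(1)] = m.group(2)
    return files


def run_tests(os_name, files, selected=None):
    """Testing script.  `selected` is the set of settings the user chose to
    test (the deck's dialog box); None runs every test defined for the OS."""
    results = []
    for path, key, op, threshold, default, ref in CRITERIA[os_name]:
        if selected is not None and key not in selected:
            continue
        raw = files.get(path, {}).get(key)
        value = raw if raw is not None else default
        if value is None:
            status, basis = "Not In Compliance", "setting absent: control not enforced"
        elif not value.isdigit():
            status, basis = "Review Manually", f"non-numeric value {value!r}"
        else:
            ok = int(value) <= threshold if op == "<=" else int(value) >= threshold
            status = "In Compliance" if ok else "Not In Compliance"
            basis = ("set in file" if raw is not None
                     else "OS default applied (absent or commented out)")
        results.append({"FILE": path, "SETTING": key, "VALUE": value,
                        "CRITERION": f"{key} {op} {threshold}", "V_COMPLIANCE": status,
                        "BASIS": basis, "CRITERIA_REF": ref})
    return results


def control(gathered=GATHERED_SOLARIS, os_name="solaris", selected=None):
    """Control script: import, then run the chosen tests.  The results still go
    to manual review and normal testing procedures, as the deck describes."""
    return run_tests(os_name, parse_gathered(gathered), selected)


if __name__ == "__main__":
    for r in control():
        print(f'{r["SETTING"]:<12} {str(r["VALUE"]):<6} {r["V_COMPLIANCE"]:<18} {r["BASIS"]}')
```

Keeping the criteria in one table per operating system is what makes the "simple and efficient changes" on the earlier slide possible: a revised threshold or a new platform is a row in CRITERIA, not a change to the test logic, and the BASIS column records whether a result came from an explicit setting or from the operating system's default, which is the kind of detail an auditor needs before concluding on a commented-out line.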
Concluding Thoughts
• Putting it all together
• Lessons learned
• Impact on IT audits
fin.
Contact Information
• Brandon McAndrew – bmcandrew@audgen.michigan.gov
• Jordan Schafer – jschafer@audgen.michigan.gov
• Keith Edwards – kedwards@audgen.michigan.gov