Question
VA is a service provider which provides health care and other benefits to retirees on behalf of their employers. You, as the IT auditor of
VA is a service provider which provides health care and other benefits to retirees on behalf of their employers. You, as the IT auditor of ManCo, are concluding your IT Audit. As ManCo uses VA as a service provider, you are reading the SOC2 Report issued by VAs auditor to draw your own audit conclusion. Here are the findings from the SOC2 Report:
VAs auditor found that system programmers had access to both system software and financial data.
VAs auditor found that IDs belonging to terminated and transferred employees were not being disabled. VAs auditor identified over 90 active IDs belonging to terminated or transferred employees.
VAs auditor identified 119 network IDs that were allowed to circumvent password change controls, 15 IDs that did not have any passwords, and 8 IDs that had passwords with less than six characters.
VAs auditor also found numerous instances where user IDs and passwords were being shared by staff. For example, as many as 16 users were sharing IDs with privileges to all financial data and system software.
At the time of VAs auditor review, the security software administrator also reported to the application programming division director.
Draw your IT General Control conclusion based on the above findings from the VAs auditor SOC2 Report.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started