Audit and Assurance


Application control testing segregation of duties

  • 1.  Application control testing segregation of duties

    Posted 02 Aug, 2019 12:05
    Dear Team

    Please answer only if you work in banking sector or you have the experience to answer.
    I only need answers from people who have dived into this topic.

    So I am auditing banking applications, Murex, T24.
    I have limited information about back office, middle office and front office.
    And when I obtain the Access Control Matrix, it is thousands of employees with many functions.

    Who can explain, share basic information about tips and tricks on how to test for segregation of duties? I know it depends on understanding, but still sometimes there is common sense we need to understand.

    Provide me the basic information, share with me more about these two applications, where to look, where is the highest risk.
    Any tips are welcome.

    Appreciated and thanks and Regards,

    ------------------------------
    Marat Kaisseov
    ------------------------------


  • 2.  RE: Application control testing segregation of duties

    Posted 04 Sep, 2019 18:24
    You may want to recall the principles of SOD:  Authorization, Execution, Recording, Supervisory Review.  So, just apply those principles across the Front, Mid, and Back office functions and you'd be fine.

    ------------------------------
    Marino Mata
    Auditor
    ------------------------------
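
One way to apply the four principles from the reply above to a large access control matrix, as an added example that is not part of the original thread: classify each application function as authorization, execution, recording or review, then list the users who hold more than one duty, with the users combining the most duties first. The function names, the mapping and the sample rows are constructed for illustration and are not real Murex or T24 identifiers.

```python
import csv, io
from collections import defaultdict
from itertools import combinations

# Constructed function-to-duty mapping; the function names are hypothetical,
# not real Murex or T24 identifiers. The auditor agrees this with the business.
DUTY_OF = {
    "DEAL_CAPTURE": "execution",
    "DEAL_APPROVE": "authorization",
    "PAYMENT_RELEASE": "authorization",
    "GL_POSTING": "recording",
    "RECON_SIGNOFF": "review",
}

# Constructed sample of an access control matrix export (user, office, function).
SAMPLE_MATRIX = """user,office,function
u001,front,DEAL_CAPTURE
u001,front,DEAL_APPROVE
u002,back,GL_POSTING
u003,back,PAYMENT_RELEASE
u003,back,GL_POSTING
u003,back,RECON_SIGNOFF
u004,middle,RECON_SIGNOFF
u005,front,DEAL_CAPTURE
u005,front,LIMIT_OVERRIDE
"""

def sod_findings(matrix_csv, duty_of=DUTY_OF):
    """Return (ranked_conflicts, unmapped_functions) for a matrix export."""
    duties = defaultdict(lambda: defaultdict(set))  # user -> duty -> functions
    unmapped = set()
    for row in csv.DictReader(io.StringIO(matrix_csv)):
        duty = duty_of.get(row["function"])
        if duty is None:
            unmapped.add(row["function"])  # must be classified, not ignored
            continue
        duties[row["user"]][duty].add(row["function"])
    conflicts = {}
    for user, held in duties.items():
        pairs = list(combinations(sorted(held), 2))  # every pair of duties held
        if pairs:
            conflicts[user] = pairs
    # Users combining the most duties come first: they are the priority sample.
    ranked = sorted(conflicts.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return ranked, sorted(unmapped)

if __name__ == "__main__":
    ranked, unmapped = sod_findings(SAMPLE_MATRIX)
    for user, pairs in ranked:
        print(user, ["+".join(p) for p in pairs])
    print("unclassified functions:", unmapped)
```

Functions that fall outside the mapping are reported separately so that an unclassified entitlement is reviewed rather than silently treated as harmless.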