A client is undergoing a SOX readiness IT audit and issues have been identified with the provisioning control.
Scenario interviews help us assess your thought process, creativity, and comfort with ambiguity. At the same time, the scenarios represent real client engagements so they allow you to gain insight into the work we do.
Deloitte is performing a SOX readiness IT audit for a client. The client will soon be going public, and they have not been audited before. Deloitte’s readiness procedures allow the company to learn about gaps in their current environment and how to remedy them before the real audit.
During control walkthroughs, Deloitte found that there have been design issues with the provisioning control. These issues for provisioning include approvals for new access not having been documented and retained properly. The control owner does not understand Deloitte’s concern with missing approval documentation for provisioning. While the client will reluctantly work through fixing their issues with the provisioning control, Deloitte wants to suggest an additional control to help mitigate the risk of a potential breakdown going forward.