IT Audit Automation
Presented by: Brandon McAndrew, Jordan Schafer, Keith Edwards



IT Audit Automation
- Overview of scripting languages
- Demonstrations

Script Language
- A type of programming language
- Interprets and automates the execution of tasks

Script Language
Examples
1. Bash – UNIX or UNIX-like operating systems
2. Visual Basic – Microsoft Office Applications
3. ACLScript – Audit Command Language (ACL) Analytics

Script Language
When to use scripts?
1. If repetitive tasks need to be completed
2. If a large number of sample items need to be reviewed
3. If similar reviews will be conducted in the future

Script Language
Items to consider before writing a script
1. What do you need the script to do?
2. What criteria will be used for tests?
3. How will source data be obtained?

Script Language
You don’t always need a formal programming background to write and use scripts!

Script Language
Web searches and help files are a great starting place.

Demonstration

Script Language
When not to use scripts?
1. When source data will be provided in an inconsistent format
2. When there is no positive cost benefit
3. When resource limitations become a barrier

Script Language
Risks when using scripts
1. Errors in scripting logic producing improper results
2. Could prompt auditors to jump to faulty conclusions
3. Costs could exceed benefits

Questions And Answers (3 Minutes)

Illustration: Oracle

Summary - Oracle Illustration
1. Obtain an understanding
2. Establish criteria
3. Identify tables
4. Request files
5. Design import script
6. Design testing script
7. Design export script
8. Design master script

Handout – “Oracle Example Script”

Obtain An Understanding
- Identify the database and version
- V$Version

Obtain Criteria
- CIS benchmarks
- Policies and procedures
- Determine the most restrictive

Identifying Tables
- DBA_Users
- DBA_Profiles
- DBA_Parameters
- DBA_RolePrivs
- DBA_TabPrivs
- DBA_SysPrivs

Data Gathering
- Request files
- Easiest format

Designing Scripts Step 1 - Formatting
- Perform manually
- Import scripts
- Comments
- Perform reconciliations

Designing Scripts Step 2 - Testing
- Add comments
- Define the fields
- Use established criteria to create tests
- Direct tests
- Indirect tests
- Other information (Criteria reference)

Defining Fields

Direct Tests
Input “Not In Compliance” in the virtual field V_COMPLIANCE if “Failed Login Attempts” is greater than 5 or set to “Unlimited” and is not “DEFAULT.”
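The direct test on this slide, written out as an added Python example (not the presenters' ACL script or handout). It assumes the auditee supplied DBA_Profiles as a CSV with PROFILE, RESOURCE_NAME and LIMIT columns; the sample rows are constructed, and the "In Compliance" and "Follow Up" labels are assumptions, since the slide names only "Not In Compliance".

```python
import csv
import io

# Constructed sample standing in for a DBA_PROFILES export (not real data).
SAMPLE_EXPORT = """\
PROFILE,RESOURCE_NAME,LIMIT
DEFAULT,FAILED_LOGIN_ATTEMPTS,10
DEFAULT,PASSWORD_LIFE_TIME,180
APP_USERS,FAILED_LOGIN_ATTEMPTS,3
BATCH_JOBS,FAILED_LOGIN_ATTEMPTS,unlimited
REPORTING,FAILED_LOGIN_ATTEMPTS,DEFAULT
DBA_ADMINS,FAILED_LOGIN_ATTEMPTS, 5
LEGACY,FAILED_LOGIN_ATTEMPTS,
"""

MAX_FAILED_LOGINS = 5  # criterion stated on the slide


def v_compliance(limit):
    """Value of the virtual field V_COMPLIANCE for one LIMIT value."""
    value = limit.strip().upper()
    if value == "DEFAULT":
        # The slide excludes DEFAULT from the direct test; label is assumed.
        return "Follow Up - Inherits DEFAULT Profile"
    if value == "UNLIMITED":
        return "Not In Compliance"
    if not value.isdigit():
        # Blank or unexpected data must not pass silently (assumed label).
        return "Follow Up - Unreadable Limit"
    return "Not In Compliance" if int(value) > MAX_FAILED_LOGINS else "In Compliance"


def run_direct_test(export_text):
    """Return (tested rows with V_COMPLIANCE, reconciliation counts)."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    tested = []
    for row in rows:
        if row["RESOURCE_NAME"].strip().upper() != "FAILED_LOGIN_ATTEMPTS":
            continue  # other profile settings are out of scope for this test
        tested.append({"PROFILE": row["PROFILE"].strip(),
                       "LIMIT": row["LIMIT"].strip(),
                       "V_COMPLIANCE": v_compliance(row["LIMIT"])})
    counts = {"rows_read": len(rows), "rows_tested": len(tested),
              "rows_out_of_scope": len(rows) - len(tested)}
    return tested, counts


if __name__ == "__main__":
    print(*run_direct_test(SAMPLE_EXPORT), sep="\n")
```

The reconciliation counts let the auditor confirm that every imported row was either tested or deliberately left out of scope before relying on the results.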

Indirect Tests/ Other Information

Step 3 Output & Overview
- Export script
- Perform manually
- Follow up on all items

Master Script
- Create 1 script that controls all other scripts
- Identifies which scripts are run
- Sets overall variables
- Identifies outputs

Questions And Answers (3 Minutes)

Statewide UNIX Security Controls Illustration

Summary – UNIX Illustration
- Selecting audit criteria and defining tests
- Visual Basic
- Writing a data gathering script
- Solaris operating system
- Automating testing in ACL
- Importing criteria and source files

Background
- UNIX is a multiuser and multitasking operating system
- Various open source and commercial variations
- Automation for data gathering and data analytics

Audit Criteria & Defining Tests
- Selecting audit criteria
- Defining the tests applicable to the operating system
- Separate criteria and tests per operating system
- Making audit criteria variable
- Simple and efficient changes
- Visual Basic

Demonstration

Data Gathering
- Selecting a script language
- Using audit criteria
- Other sources of information
- Testing commands and reviewing results

Demonstration

Data Gathering – Continued
- Commenting and formatting your scripts
- Determine the need for multiple scripts
- Thoroughly test the final scripts
- Ensure auditee cooperation
- Request auditee review the script
- Make scripts simple or complex
- Ensure uniformity
- Allow for efficient adjustments

Demonstration

Data Analysis – ACL
- Importing data
- Audit criteria (Visual Basic)
- Data gathering results (source files from server)
- Creating control scripts
- Dialog boxes for users of the scripts
- Allow the user to determine tests run and outputs generated
- Using variables and adding pertinent information

Demonstration

Testing & Results - ACL
- Testing Scripts
- Base script logic on audit criteria
- Thoroughly test
- Results
- Export necessary information
- Manually review results and make conclusions
- Perform normal testing procedures with script outputs

Demonstration

Concluding Thoughts
- Putting it all together
- Lessons learned
- Impact on IT audits

fin.

Contact Information Brandon McAndrew – Jordan Schafer – Keith Edwards –