Public and Private firms aren’t the only organizations with control problems. Government has problems too. The Transportation and Security Organization’s last audit was 2016 and there were issues. The issues identified were pretty common and a lot of businesses have them too.
KPMG performed a financial statement audit and an audit of select general IT controls (GITC). What did they find?
- A number of items related to control of assets including assets not listed, missing asset IDs, etc.
- Ineffective controls over the AR estimates.
- Control issues related to HR & Payroll, especially around various approvals.
- Journal entry approval problems with the year end suspense clearing.
- Strong passwords were not consistently enforced.
- Access Certification was not performed annually as required.
- System access was not timely removed for terminated and/or separated personnel.
This is pretty typical stuff. Access Certification in particular is often done via Excel and email and it’s a miserable process. Fixing this with a certification tool is actually pretty easy. System access not removed in a timely manner is another very common problem. Access Certification serves as a backstop for this, but a good identity governance application solves this in a preventative way.