Daudov S.D., Duisalieva A.M. IT AUDIT: CONTROL OF ACCESS RIGHTS AND SEGREGATION OF DUTIES

DOI: https://doi.org/10.15688/ek.jvolsu.2025.1.11

Salavat D. Daudov

Head of the Department of Internal Audit, OOO Gazprom Dobycha Astrakhan, Lenina St, 30, 414000 Astrakhan, Russian Federation, https://orcid.org/0009-0006-8272-7992

Adelia M. Duisalieva

Auditor, Department of Internal Audit, OOO Gazprom Dobycha Astrakhan, Lenina St, 30, 414000 Astrakhan, Russian Federation, https://orcid.org/0009-0004-8976-7917


Abstract. IT audit plays a major role in ensuring the safety and reliability of an organization’s information systems. It assesses the effectiveness of the organization’s internal controls in the field of information security, identifies potential risks, and finds ways to minimize them. The article defines the main areas of IT audit and examines in more detail the audit of the distribution of access rights to IT systems, since granting users excessive access rights can lead to the realization of the following risks: unavailability of the company’s services and information systems, data compromise, fraudulent transactions, and unintentional errors. The article then examines the principle of segregation of duties (SoD) as a mechanism for ensuring the reliability of the access management process and reducing the risks identified in this area. An algorithm for implementing an SoD system in an organization is given: analyze business processes, assess risks, separate processes and functions, distribute roles and responsibilities, implement access controls, and monitor processes and functions. As one practice for implementing segregation of duties, the formation of an SoD matrix is proposed both for business processes as a whole (segregation of duties by position) and for individual information systems (segregation of duties by role).
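The abstract describes an SoD matrix built from conflicting function pairs and applied at two levels: to roles inside an information system and to the people who hold those roles. The following Python script is an added illustration of how an auditor would mechanically apply such a matrix; it is not code from the article and does not reproduce the authors' matrix. All functions, roles, users and conflict pairs in it are constructed sample data.

```python
"""
Added example (not from the article): applying a segregation-of-duties
(SoD) matrix to a role model and to user-role assignments.

All names below (functions, roles, users, conflict pairs) are constructed
sample data for illustration, not data taken from the paper.
"""

# The SoD matrix, reduced to its cells marked as conflicts: pairs of
# business functions that must never sit in one pair of hands.
# frozenset makes the pair direction-independent.
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"create_purchase_order", "approve_purchase_order"}),
    frozenset({"post_journal_entry", "approve_journal_entry"}),
    frozenset({"manage_user_accounts", "approve_payment"}),
}

# Role model of a hypothetical information system: role -> functions.
# AP_SUPERUSER is a deliberately flawed role that bundles a conflict
# inside itself, which is what the role-level check is meant to catch.
ROLE_FUNCTIONS = {
    "AP_CLERK": {"create_vendor", "create_purchase_order"},
    "AP_MANAGER": {"approve_payment", "approve_purchase_order"},
    "AP_SUPERUSER": {"create_vendor", "approve_payment"},
    "ACCOUNTANT": {"post_journal_entry"},
    "CONTROLLER": {"approve_journal_entry"},
    "SYS_ADMIN": {"manage_user_accounts"},
}

# Constructed user -> roles assignment to run the user-level check on.
USER_ROLES = {
    "ivanov": {"AP_CLERK"},                     # clean
    "petrova": {"AP_CLERK", "AP_MANAGER"},      # two conflicts via two roles
    "sidorov": {"ACCOUNTANT", "CONTROLLER"},    # posts and approves journals
    "admin01": {"SYS_ADMIN", "AP_MANAGER"},     # account admin who approves payments
}


def role_conflicts(role_functions, conflicts):
    """Roles that on their own contain a conflicting function pair.

    These are defects of the role design and should be fixed before
    user assignments are reviewed, otherwise every holder of the role
    is a finding."""
    bad = {}
    for role, funcs in role_functions.items():
        hits = [sorted(c) for c in conflicts if c <= funcs]
        if hits:
            bad[role] = sorted(hits)
    return bad


def effective_functions(user, user_roles, role_functions):
    """Union of the functions a user holds through all assigned roles."""
    funcs = set()
    for role in user_roles.get(user, ()):
        funcs |= role_functions.get(role, set())
    return funcs


def user_conflicts(user_roles, role_functions, conflicts):
    """Users whose effective access contains a conflicting pair.

    The check is on the union of functions, so a conflict is reported
    whether it comes from a single flawed role or from combining two
    individually clean roles."""
    findings = {}
    for user in user_roles:
        funcs = effective_functions(user, user_roles, role_functions)
        hits = [sorted(c) for c in conflicts if c <= funcs]
        if hits:
            findings[user] = sorted(hits)
    return findings


if __name__ == "__main__":
    for role, pairs in role_conflicts(ROLE_FUNCTIONS, SOD_CONFLICTS).items():
        print(f"ROLE DESIGN CONFLICT {role}: {pairs}")
    for user, pairs in user_conflicts(USER_ROLES, ROLE_FUNCTIONS, SOD_CONFLICTS).items():
        print(f"USER CONFLICT {user}: {pairs}")
```

Two points the script makes that the matrix alone does not: the role-level pass finds design flaws (a single role that is itself a conflict), and the user-level pass works on the union of all roles, which is where most real findings come from, since each role looks harmless in isolation. A real review would feed the same functions from exported system role definitions and account listings rather than the constructed dictionaries above.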

Key words: IT audit, IT risks, access management, principle of segregation of duties, duties conflict, SoD matrix, information security.


IT AUDIT: CONTROL OF ACCESS RIGHTS AND SEGREGATION OF DUTIES by Daudov S.D., Duisalieva A.M. is licensed under a Creative Commons Attribution 4.0 International License.

Attachments: 5_Daudov, Dujsalieva.pdf (364 Kb), https://ges.jvolsu.com/index.php/en/component/attachments/download/2223