Faster budget approvals for audit tools

Stronger independence with oversight aligned to governance expectations

Less interaction with executive management

Reduced need for audit evidence

Authentication, encryption, hashing

Accuracy, completeness, authorization, and proper audit trail

Efficiency, effectiveness, scalability

Identification, classification, disposal

Informal role descriptions to increase flexibility

Documented structure with clear authority limits and SoD

One super-user account for all administrators

Ad-hoc policies maintained by teams

Availability and concurrency control

Optical character recognition error

File label mismatch on tapes

Misfiled paper vouchers

Design and implement controls

Express an opinion supported by sufficient, competent, relevant, and useful evidence

Approve business strategies

Negotiate vendor contracts

Limit check vs. batch exception report

Reconciliation vs. edit check

After-the-fact approval vs. field validation

Logging vs. encryption

Whether the compensating control fully duplicates the original design

Whether residual risk is reduced to an acceptable level and is sustainable

Whether compensating control is cheaper

Whether it is manual rather than automated