Each week on Twitter we post daily audit checklist tweets for all the IS auditors and security administrators out there in the tweet-o-sphere. But we realize not everyone is ready for Twitter, and many of you are still resisting (you can keep trying, but eventually you will give in and start tweeting, everyone will eventually…), so we’ve decided to start posting them in our blog as well. Once each week we’ll post here the audit checklists and audit tools that we posted on Twitter. This way everyone will have a chance to enjoy all the audit fun!

This week’s focus is on auditing segregation of duties controls and on tools that you can use for auditing file system access controls. As usual, we try to offer a mix of commercial and free tools for you to try out, and we hope you enjoy them. On the checklist side, we’ve also included a few matrices that you can use to evaluate position descriptions within your organization. Hopefully you can include these in your audit plans, regardless of the technical systems you’re evaluating.

Segregation of Duties Audit Checklists & Security Guides:

Segregation of Duties #1

Segregation of Duties #2

Segregation of Duties #3

Segregation of Duties #4

Segregation of Duties #5 (Old Link Removed)

Tools for Auditing File Access Controls:

Access Auditor

Quest Active Roles

Microsoft Xcacls

Sysinternals AccessEnum

File Server Change Reporter

We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know; we’d love to hear your feedback.