Who Holds "The Critical System Access Rights?"
As you know, business is not only managed through the wet signatures on documents but also via email traffic.
A parallel, less visible but not impotent process is ongoing in the Information Systems.
You should not ignore this process, and you have no right to claim that “it is a mystery area for me”!
- Who is the "superman" in your operations?
- Are the critical access rights allocated in line with the Segregation of Duty principals?
- Are the critical processes being performed by the authorized people, in line with their responsibilities?
A short survey may result with very surprising outcomes.