3: Auditing Employee Terminations Flashcards
• Termination process
The IS auditor should examine the employee termination process and determine its effectiveness.
how user account management personnel are notified of terminations. The auditor should identify specific security policies to determine how quickly user accounts should be terminated. The auditor should examine HR records to see if all employee terminations correspond to user account management termination records.
• Timeliness
The IS auditor should examine employee termination records and the records on individual information systems to determine if user accounts are locked or removed in a timely manner.
Typically, user accounts should be locked or removed within one business day, but in environments with particularly valuable or sensitive information, employee terminations should be processed within minutes or hours to ensure that a departing employee cannot access systems immediately afterward (when passions often run
• Access reviews
The IS auditor should determine whether any internal reviews of terminated accounts are performed; such reviews indicate that the organization cares about the effectiveness of this important activity. If such reviews are performed, the auditor should determine whether any missed terminations are identified and whether any process improvements are undertaken as a result.
• Contractor access and terminations
The classic problem with contractors is that it’s sometimes difficult to determine precisely when a contractor no longer requires access to a system or network. Furthermore, contractors are often hired and released by internal managers without any notification to, or tracking by, HR. Because of these factors, it can be difficult to determine the effectiveness of contractor-related access management.