#119 | ITGC Shared Folder Access Review – Good Documentation

Hello, everyone! In this session, I am going to share with you how to document a shared folder access review.

Taking the perspective of the business process owner or the IT person doing the review, there are 3 steps that should be done to ensure the documentation is accurate and complete.

After taking a screenshot of the folders that you review, the 3 steps include:

  1. Identify the folders (fields) reviewed.
  2. Explain the reasoning for determining that the shared folder access is approved.
  3. Indicate the review date.

 

I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.

 

Good Example of Documented Shared Folder Access Review

Number 1 – By showing us or identifying the folders or fields being reviewed, we know that this is a shared FP&A folder. For this particular client, FP&A is a critical process. It contains some key reports. So, we want to ensure we’re looking at the right folder.

Number 2 – Once the folder has been confirmed, the next step is to explain the reasoning for determining that the people who have shared folder access are approved or appropriate.

How did you decide who should have access?

In this example, under the collaboration box, you see there are 3 users in this particular folder. The reviewer noted “Access is restricted to the VP or Director of Finance, Treasurer, and CEO”. These team members have permission to access this particular folder.

Now, you can state that you’ve verified the access permissions and confirmed the current users are approved.

Number 3 – Once the folder and the users have been identified and verified, the last step is to indicate or clearly fill out the review date.

Typically, it’s done on a screenshot. If you can show your desktop, you can show something that has a date stamp. If not, add in the date so that we know it happened in a timely manner.

Here is an example:

Many clients have a quarterly access review, and we want to know that the review was completed within the quarter. Did it happen in Q1, Q2, Q3, or Q4?

Did you wait six months before this review occurred? The date of your review is important. In this case, the screenshot doesn’t show it, but it should be easy to add the date and time when you save the file. This would make good documentation and help explain that the review has been done.
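The same three elements, plus the quarterly timing check, can be kept as a structured record next to the screenshot. The Python below is an added example, not part of the original post; the user names, the `document_review` helper, and the use of calendar quarters (rather than a client's fiscal quarters) are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed sample data mirroring the post's FP&A example; user names are hypothetical.
APPROVED_ROLES = {"VP or Director of Finance", "Treasurer", "CEO"}
COLLABORATORS = {  # user -> role, as read off the folder's collaboration box
    "a.lee": "VP or Director of Finance",
    "b.ortiz": "Treasurer",
    "c.nguyen": "CEO",
}

def quarter_of(d: date) -> str:
    """Calendar quarter label such as '2017-Q4' (assumption: not a fiscal calendar)."""
    return f"{d.year}-Q{(d.month - 1) // 3 + 1}"

@dataclass
class ReviewRecord:
    folder: str           # step 1: which folder was reviewed
    reasoning: str        # step 2: why the access is considered approved
    review_date: date     # step 3: when the review happened
    exceptions: list = field(default_factory=list)  # users outside the approved roles
    timely: bool = False  # review date falls inside the quarter under review

def document_review(folder, collaborators, approved_roles, review_date, period):
    """Build the evidence record; refuse to produce one with a step missing."""
    if not folder:
        raise ValueError("step 1 missing: folder not identified")
    if review_date is None:
        raise ValueError("step 3 missing: review date not recorded")
    # Anyone whose role is not on the approved list is surfaced, never silently accepted.
    exceptions = sorted(user for user, role in collaborators.items()
                        if role not in approved_roles)
    reasoning = "Access is restricted to " + ", ".join(sorted(approved_roles))
    return ReviewRecord(folder, reasoning, review_date, exceptions,
                        timely=(quarter_of(review_date) == period))

if __name__ == "__main__":
    print(document_review("FP&A", COLLABORATORS, APPROVED_ROLES,
                          date(2017, 11, 28), "2017-Q4"))
```

A record with a non-empty `exceptions` list or `timely=False` is the case the reviewer has to explain before signing off.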

I hope this tip is helpful. We’ll be doing more of these small vignettes of what to save and what to do as the process owner. Have a great day!

 

November 28th, 2017 | Internal Controls
