Data management and governance are top challenges for organization due to the increased reliance on data for revenue growth and strategic decisions. There is also a growing number of data security and privacy regulations. This sample audit program lists various security, change management and monitoring control activities and audit procedures and their impact on multiple database control objectives.
Security control activities in this document include new user access, access termination, inactive account expiration, user access review, and initial password distribution. Change management control objectives include change management documentation, change initiation and approval, testing and acceptance, implementation, non-emergency changes, emergency changes, and security patch updates. Monitoring control objectives include restart/recovery procedures, data backup, and contingency plans.