Role-Based IT-Access: Who Sets the Standards in German Internal Audit Departments?

C. T. Wildensee

Abstract: Access management is essential for ensuring, that accounting-related ERP systems run according to the rules. Basics of legitimation and application requirements are established by laws and court judgements. The standards are characterized in detail by accountants and the product manufacturers, especially access restrictions. The german and EU administration are not able to set enough detailed regulation and unambiguity to force companies to do more than necessary against unauthorized data access, to implement effective authorization roles in accounting-related IT systems and finally to protect commercially sensitive data. Specifications exist, unambiguity and a graded threat of punishment is missing. The question is What are the major influences on the work of german internal audit departments

Keywords: Corporate Governance, Internal Audit Function, accounting-related IT-Systems