Reports : PCI, SOX, and HIPAA reports : Report: Verification of Audit Settings
 
Report: Verification of Audit Settings
This report identifies any changes that have been made to the audit reporting and tracking capability of the database.
COBIT objectives
This report is designed to meet the following COBIT objectives:
Objective Number
Description
DS3.5, DS5.5, DS13.3
Audit tracking is configured on all financial databases, changes to audit functionality is reviewed by IT Management on a quarterly basis.
Setup requirements
There are two requirements:
1. At least one of the following types of audit policies must be run in order to collect audit data:
Data Policies
Privilege Policies: using the audit data retrieval method
Metadata Policies: using the audit data retrieval method
2. For tracking audit activity with the Data policies, run the following commands
audit system audit; audit audit system; audit audit any;
and then Close and Open your database connection in Data policies.
Report columns
The following columns are displayed in the report body.
Columns
Description
User ID
The ID of the database user that conducted the flagged activity
OS User
The OS User that conducted the flagged activity
Object
The name and owner of the database object that was directly manipulated by the flagged activity
Timestamp
The exact time the flagged activity was conducted
Terminal
The terminal IP address or name
Origin Application
The name, or other identifier, for the originating application, if the activity originated from an external application or from an application server
Action
The type of action successfully enacted by the User ID.
See also
General steps for generating PCI, SOX, and HIPAA reports