In this work program sample, we provide general best-practice steps for the treasury security review audit process.

Sample steps include identifying users with access to edit configuration items and transactions; selecting a sample of users to identify and review for appropriateness to access; determining if system reports are run periodically; obtaining policies and procedures to grant user access; obtaining approval forms for initial requests; identifying the procedure to revoke access for terminated employees; and selecting a sample of 10 terminated employees and ensuring that their access is revoked.