AccTech Audit Trails

accfactThe worldwide strategy adopted by governments and businesses alike to comply with good corporate governance is resulting in organisations re-visiting the security of their most important asset…Information!

Every business application, whether it be your Financial System or other Line-of-Business (LOB) applications, are reliant on a stable & secure database environment. The business challenge in securing this environment lies in the fact that your database is not safely locked away. It is accessed and modified, directly or indirectly, by every single business application user.

Organisations want sophisticated, yet easy-to-use tools to provide protective, detective, and corrective controls on the databases managing their Financial and LOB systems. AccTech Audit Trails is the answer.

Gain full control over your database environment:

  1. Protective Controls: Protective database controls can be seen as any proactive action which allows database administrators to effectively monitor the performance of their databases. AccTech Audit Trails triggers administrator alerts via Email or SMS, notifying system owners of pending server alerts such as the available space within the ERP database.
    – Unauthorised system user actions i.e. users providing authorisation to transactions above the levels determined in the governed financial policy; unauthorised rising of credit limits etc.
  2. Detective Controls: Detective database controls are any action which allows organisations to monitor, track and record database activities. AccTech Audit Trails does just that. Any action by any user on any system is tracked and recorded within AccTech Audit Trails application.
    • Create, alter and dropping of logins
    • Creation of new roles
    • Creation of new members
    • Create, alter and dropping of databases
    • Adding & dropping of database role members
    • Adding & dropping server role members
    • Creation, altering and dropping of tables
    • Creation, altering and dropping of views
    • Creation, altering and dropping of indexes
    • Creation of XML indexes
    • Creation, altering and dropping of full text indexes
    • Creation and dropping of synonyms
    • Creation, altering and dropping of functions
    • Creation, altering and dropping of procedures
    • Creation, altering and dropping of triggers
    • Creation, altering and dropping of assemblies
    • Creation and dropping of types
    • The insert, update or deletion of any field on any application.
  3. Three levels of auditing can be applied:

    1. Microsoft SQL Server Auditing:
    Monitor, track and record:

    2. Database Auditing:
    Monitor, track and record:

    3. Field Level Auditing:
    Monitor, track and record:

  4. Corrective Controls: Corrective database controls can be seen as any action triggered in response to the established detective controls allowing administrators or department heads to respond to unwanted or unauthorised user actions.
    • Normal Alert: Email to a system administrator or department head
    • Medium: SMS to a system administrator or department head
    • High: SMS & Email to a system administrator or department head
  5. a. Categories: AccTech Audit Trails allows administrators to add every user action or server activity to a specific category: Normal, Medium or High. Corrective rules are then applied to each category dictating the response to the tracked action.

    b. Alerts and notifications: Each of the above mentioned category are linked to a specific level of alert or notification:

Friendly names and structures for Sage ERP:

AccTech Audit Trails automatically includes the so-called friendly naming conventions linking database descriptions to the friendly names for the following applications:

  • Sage ERP Accpac
  • Sage CRM
  • AccTech eWorkflow
  • Peresoft Cashbook
  • AccTech Internal Requisitions