Jason Saving is an IT auditor for a large, public accounting rm. His manager has assigned him to the Consolidated Company audit. The IT auditors

Jason Saving is an IT auditor for a large, public accounting firm. His manager has assigned him to the Consolidated Company audit. The IT auditors must complete several evaluating and testing procedures in order to help determine the scope of financial audit. The IT auditors also need to evaluate IT controls to provide the financial auditors with information in order to form an opinion on internal controls as part of Sarbanes-Oxley compliance.
Consolidated Company manufactures automotive parts and supplies them to the largest automakers. The company has approximately 1,500 employees and has manufacturing operations and offices in three locations. Consolidated uses a mid-sized ERP software program for manufacturers that they acquired and implemented two years ago.
You need to develop an audit program to examine logical access to the ERP system. According to the Security Administrator at Consolidated, each employee is assigned a unique User ID and password when they join the company. The company is very concerned about security, so there is no remote access to the ERP system. The ERP system requires that users change their passwords every six months. System and group settings assigned to each User ID determine what parts of the ERP systems are available to each user.
Requirements
1. Explain how a deficiency in controls over User IDs and passwords might affect the financial statements.
2. Why is it necessary to examine User IDs and passwords?
3. Describe at least four control procedures that Consolidated should have in place to ensure that only authorized users access the system and that user access is limited according to their responsibilities.