Audit logging

Maintain audit logs of staff, client or third-party interactions to help with fraud investigations and deterrence.

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

  • setting up audit logging by capturing information like:
    • access to systems for audit purposes
    • changes to data and who made the changes
    • access to sensitive information
    • access and use of high-risk accounts and transactions.

Risks from control gap

Poor or no audit logging can lead to:

  • difficulty in detecting, analysing, investigating and disrupting fraudulent activity
  • insufficient data to support an investigation.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • confirming that audit logging is switched on
  • reviewing the logs to confirm they capture sufficient and meaningful information to support detection or an investigation
  • conducting random and targeted reviews of audit logs
  • checking that the method of logging is reliable
  • confirming and testing (if required) that audit logs are stored securely
  • confirming that audit logs are available to investigators
  • confirming that audit logs cannot be switched off, deleted or altered, even by staff with privileged access
  • if audit logs can be altered, confirming that these actions are also logged and that copies of originals are retained
  • confirming that audit logs are retained as per the relevant records authority.
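As an added illustration, not part of the catalogue, the following Python sketch shows one way to meet the checks above on tamper resistance: an append-only log whose entries record the event types from the Examples list and are hash-chained to their predecessors, with a verifier an investigator can run to detect any altered, deleted or reordered entry, whoever made the change. The event type names, field names and sample actors are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Event types taken from the catalogue's Examples list (constructed identifiers).
EVENT_TYPES = {"system_access", "data_change", "sensitive_access", "high_risk_account_use"}
GENESIS = "0" * 64  # sentinel "previous hash" for the first entry


def _entry_hash(prev_hash: str, body: dict) -> str:
    """Hash the entry body together with the previous entry's hash (deterministic JSON)."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class AuditLog:
    """Append-only log; each entry is chained to its predecessor by SHA-256."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, event_type: str, actor: str, target: str, detail: str = "") -> dict:
        if event_type not in EVENT_TYPES:
            raise ValueError(f"unknown event type: {event_type}")
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "event_type": event_type,
            "actor": actor,    # who performed the action
            "target": target,  # what was accessed or changed
            "detail": detail,
            "prev_hash": prev_hash,
        }
        entry = dict(body, hash=_entry_hash(prev_hash, body))
        self.entries.append(entry)
        return entry


def verify(entries: list[dict]) -> tuple[bool, int]:
    """Recompute the chain; returns (ok, index of first bad entry or -1 if intact)."""
    prev_hash = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("seq") != i or entry.get("prev_hash") != prev_hash:
            return False, i  # an entry was deleted, reordered or inserted
        if _entry_hash(prev_hash, body) != entry.get("hash"):
            return False, i  # entry content was altered after the fact
        prev_hash = entry["hash"]
    return True, -1
```

Chaining alone only makes tampering detectable; the catalogue's checks on secure storage and retained copies of originals still apply, for instance by periodically sending the latest hash to a store the logging system's administrators cannot write to.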

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

The deceiver

The exploiter

The fabricator

The impersonator

Download the complete fraud control catalogue

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.
