Is it possible to review the audit log?
Enabling the audit log hurts application performance; everybody agrees about that, especially the people in the IT department. But when you raise the audit log issue with an IS auditor, they will absolutely say that the audit log is mandatory for any regulatory compliance.
Here are the major issues that explain why the audit log usually becomes a major finding in every audit engagement:
1. Enabling the audit log produces a lot of data files.
An IT engineer in telecommunications who manages an MSC or HLR device will find it very difficult to maintain log retention for a long time. An IT officer at a manufacturing company will run into difficulties when enabling all audit log functions.
2. Reviewing the audit log needs special skills and even special tools.
Even if we have very large storage to hold the audit logs, we still need tools to analyze the patterns in them. A large amount of data without good interpretation is nothing.
3. A partial audit log is not effective.
Some smart auditors always tell the client to enable only several important audit logs, such as the log for administrators or the log for sensitive transactions. This recommendation is used if the client insists that it cannot implement the audit log for its application.
4. Outsourcing audit log review is impossible.
Due to limitations and company policy, one of my friends at the largest bank in South East Asia told me that his company started to outsource its audit log review to another company. Considering that audit log review is a sensitive activity, outsourcing the audit log is a difficult choice.