User ID evaluation - To audit access control, the IS auditor obtains a list of authorized users and their privileges, together with the list of standard roles and the authorizations required for each role. The next step is to ascertain that all the authorized users have the appropriate privileges in line with their job responsibilities. To do this, the auditor should examine the roles that have been assigned to the various users and ensure that the roles are in sync with their current job responsibilities. The next step is to identify from the system the authorizations and privileges associated with each of the roles in use, to ensure that roles, as defined in the system, are in line with what each role is expected to be.
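The review steps above, as an added Python example that is not part of the original text: it flags roles that exceed a user's current job, roles in use whose system definition differs from the standard, and the effective excess privileges that result. All user names, role names, authorization strings and function names are constructed for illustration.

```python
# Constructed sample data for illustration; not taken from any real system.
# Standard roles and the authorizations each role is expected to carry.
EXPECTED = {
    "AP_CLERK": {"invoice.create", "invoice.view"},
    "AP_MANAGER": {"invoice.view", "invoice.approve"},
    "HR_ANALYST": {"employee.view"},
}
# Roles as defined in the audited system: AP_CLERK has gained an approval right.
SYSTEM = {**EXPECTED, "AP_CLERK": EXPECTED["AP_CLERK"] | {"invoice.approve"}}
# Roles appropriate to each job responsibility.
JOB_ROLES = {"AP clerk": {"AP_CLERK"}, "AP manager": {"AP_MANAGER"},
             "HR analyst": {"HR_ANALYST"}}
# Authorized users: (current job, roles assigned in the system).
USERS = {
    "asmith": ("AP clerk", {"AP_CLERK"}),
    "bjones": ("HR analyst", {"HR_ANALYST", "AP_MANAGER"}),  # role kept after transfer
    "cdoe": ("AP manager", {"AP_MANAGER"}),
}

def excess_roles(users, job_roles):
    """Roles assigned to a user beyond what the current job calls for."""
    found = {u: sorted(r - job_roles.get(j, set())) for u, (j, r) in users.items()}
    return {u: extra for u, extra in found.items() if extra}

def role_drift(users, system, expected):
    """Roles in use whose system definition differs from the standard."""
    in_use = set().union(*(roles for _, roles in users.values()))
    out = {}
    for role in sorted(in_use):
        actual, wanted = system.get(role, set()), expected.get(role, set())
        if actual != wanted:
            out[role] = {"extra": sorted(actual - wanted),
                         "missing": sorted(wanted - actual)}
    return out

def excess_privileges(users, system, expected, job_roles):
    """Effective authorizations a user holds beyond those the job requires."""
    out = {}
    for user, (job, assigned) in users.items():
        held = set().union(*(system.get(r, set()) for r in assigned))
        needed = set().union(*(expected.get(r, set()) for r in job_roles.get(job, set())))
        if held - needed:
            out[user] = sorted(held - needed)
    return out

if __name__ == "__main__":
    print("excess roles:", excess_roles(USERS, JOB_ROLES))
    print("role drift:", role_drift(USERS, SYSTEM, EXPECTED))
    print("excess privileges:", excess_privileges(USERS, SYSTEM, EXPECTED, JOB_ROLES))
```

In the sample data, asmith holds only the correct role yet still appears under excess privileges, because the role definition itself has drifted; this is why the role-to-authorization check is needed in addition to the user-to-role check.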