Start With The End In Mind: Blog #6 – Eliminate Audit Deficiencies and Improve Audit Performance
(Source: SailPoint Technologies, Inc. Identity and Access Management Buyers Guide)
Identity management is a focal point for IT audits and one of the areas most commonly flagged for ineffective controls. During many Sarbanes-Oxley (SOX) audits, weak identity controls often receive negative audit findings in the form of control deficiencies or material weaknesses.
Here are some of the most common identity risks auditors are looking for:
- Orphan accounts: Access that remains active for employees or contractors after termination due to failure to remove privileges
- Entitlement creep: The accrual of privileges over time through transfers, promotions or other changes in roles resulting in employees with access beyond their job requirements
- Separation-of-duty (SoD) violations: Inappropriate access resulting in excessive control over business transactions or the ability to perform conflicting duties
- Poorly managed privileged user accounts: Anonymous accounts that are typically the domain of privileged users are managed using manual processes and are very difficult to audit
- Lack of visibility into access by job function: Business users struggle to interpret technical IT data to make business decisions about what access is required to perform a specific job function.
If you’ve failed an audit due to weakness around any of these identity risks, we have good news. The right identity and access management solution will improve your visibility into risky or noncompliant areas and automate your processes for managing these risks. An enterprise-wide view of your identity data can help you to effectively analyze risk, make more informed decisions and implement the appropriate controls in an automated and more sustainable fashion. Further, aligning user access with job functions through an enterprise role model can strengthen user access controls by providing valuable business context around how specific sets of access map to the underlying business function being performed by an individual. The result? Less chances of negative audit findings or failing another audit. More chances of seeing audit performance improve over time.
Check back for blog #7, Lower the Cost of Compliance
Visit SailPoint Technologies, Inc. here.
Learn more about PathMaker Group IAM MAP here.