As organizations continue to face compliance and security challenges with rapidly growing identity privileges across hybrid and multi-cloud digital platforms, auditors require more insightful access audits to ensure effective access controls across critical systems including ERP, HCM, CRM, IDM, and ITSM. Audit findings can occur when the Identity Access Management systems, IT Service Management systems, and Business Applications have inconsistent records of privileges requested or assigned to user identities.
Now independent auditors can leverage the advanced audit capabilities in SafeInsight™ to conduct a higher quality access audit that also reduces the effort required for the manual sample-based approach which may be more error-prone as well.
Access Audit is now available for use under the SafeInsight™ product. Auditors can use the new analytics in access audit to assess the overall status of access by application and access rights. For example, the reports available can verify the final status of remediation in the ERP system after corrective action tickets posted in ITSM systems such as ServiceNow from SafePaaS during the user access certification survey are completed on time and verified in the ERP system.
Additionally, Access Audit can identify security inconsistencies in access requests approved in the provisioning systems vs the access granted in the business applications. Audit Analytics enables users to view security snapshots from multiple data sources configured in DataProbeETL™. The user can detect variances in snapshots across security objects with common attributes (e.g. IDs, Dates, Names) across two or more data resources.
Users can select data source (application environment) filters from all active data sources for comparison. Two new reports under Access Audit can be viewed online or scheduled to verify (tie out) the access change requests (Verification Report) as well as view variance results (Variance Report).
Time range filters based on “created date” and “updated date” fields are available to cover the audit period e.g current quarter, year, etc. The time range filter is also available to review previous periods – month, quarter, year, etc…
We recognize the burden and pressure placed on our customers by their external auditors to demonstrate the operating effectiveness of internal controls. We plan to continually enhance the audit analytics to address the growing need for testing ITGC and ITAC controls as PCAOB releases guidelines to external audit firms.
SafeInsight™ Audit Analytics will continue to keep you ahead of the curve allowing you to interpret the data to discover unknown business risks or opportunities as it happens or, even better, anticipate the next one. You can anticipate future outcomes based on historical data. You can apply statistical modeling and machine learning to obtain a rearview mirror of your company’s performance.
