Manual Access Recertification: An Audit Nightmare
The was established with Sarbanes-Oxley Act of 2002 (SOX). Section 404 states: “Registered accounting firm shall, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting”. Simply put, companies are required to maintain the integrity of reports by ensuring that the right resources have access to the right systems that generate these reports. seemed like a great way to maintain compliance when the law was enacted. Unfortunately, with the proliferation of IT assets and the growing sophistication of hackers, manual access recertification is an anti-pattern for security and compliance:
1. Audit Nightmare: Without exception, we keep hearing about organizations whose internal audit teams assess access using spreadsheets spanning hundreds of tabs and then exchange back-and-forth emails among stakeholders to capture audit evidence. It is no surprise that many of these organizations have .
2. Productivity Drain: is tedious execution of repetitive tasks that add no value to the company or to employee morale. A typical quarterly access recertification for a company with 1,000-plus employees requires many paid hours to collect and transform information from the applications, databases and files under review. The process g""
Author Signature:
SecurEnds is an information security company headquartered in Atlanta, Georgia, which helps to reduce security risk and costs by automating identity governance & access control.