Access Risk Management: Continuously Identifying and Tracking Access Risks
Ever since the big financial scandals, checking and reviewing access rights and access rights concepts, as well as compliance with the separation of functions in a company, have been gaining more and more significance. We all know sensitive data in the wrong hands could cause substantial damage. Especially with growing IT landscapes and systems from multiple manufacturers, it is important to keep a continuous overview of the access rights situation.
Let's talk about segregation of duties (SoD), statutory requirements, MaRisk, continuous auditing and all those little changes that happen every day within a company's life cycle:
- The systems of international and national subsidiaries may need to be linked to each other.
- Employees switch departments or they may leave the company.
- Employees work together in different teams.
- They may also work with external staff who have access to systems for a certain project.
- Interns pass through all departments and thus collect numerous access rights, irrespective of regulations.
How is it possible to keep an overview of all those potential risks? The answer will be given in the discussion.