Companies use multiple business applications to help with specific operational duties, such as Enterprise Resource Planning (ERP) systems for accounting and financial reporting, Customer Relationship Management (CRM) for sales and marketing functions, and Human Capital Management for talent management and employee onboarding.
Each of these business systems provide a system for provisioning user rights and privileges, but few companies actually track the rights and privileges their employees have across all the company’s business systems. Many companies still grant user roles and permissions manually using emails and spreadsheets. Emergency access may even be granted based simply on a conversation
Manually granting user access rights makes it difficult to control the risk to the business and can ultimately create problems, such as:
- Inability to gain a clear view of access risk across systems
- High cost of consolidating control information, particularly for audits and regulatory review
- Incomplete documentation and limited visibility into changes that makes maintaining accurate control information difficult
- Inability to respond quickly to changing risks, regulations, laws, and situations
- Ultimately, a loss of confidential information, integrity of data, and authority of the overall process
Michael Rasmussen from GRC 20/20 and I presented a webinar during our GRCDays, Domo Arigato Mr. Roboto: How to Introduce Automation Into Your Control Environment, about the need for companies to move from manual provisioning to a company-wide, cross-platform view of user access rights across all the company’s business applications.
By automating access rights and privileges, companies can control the access individuals have across all their business applications and monitor them at all times. This ensures better compliance and more collaboration between auditors and operational managers.
Advantages of automated controls include the ability to:
- Identify risks immediately and remediate them
- Provide periodic access reviews
- Establish emergency access processes
- Centrally manage user access
Get the eBook Automating Your Control Environment and learn how implementing an automated control system for assigning user roles and access rights can help you maximize your company’s risk management and compliance.