Fastpath Assure is a security, risk, and compliance management platform that helps organizations with fraud, auditing, and security management efforts. Fastpath can automatically analyze and mitigate Segregation of Duties (SOD) conflicts by user, role, permission, or object for each application, allowing administrators to identify user permissions at the most granular security object. Additional modules, like Identity Manager, Security Designer, Audit Trail, and Risk Quantification, offer organizations a suite of detective, preventative, and reactive controls to identify and manage risk.
But where does a tool like Fastpath fit in your organization?
- Excessive user access to sensitive business applications, such as ERP, HCM, and CRM, can lead to internal fraud and compliance violations. Both internal and external auditors are interested in the information Fastpath can provide regarding user access management within and across these applications collectively.
- One of the leading sources of financial exposure in an organization is the financial risk caused by error or fraud due to too much user access in the company’s financial applications. In these situations, the Finance department will have interest in Fastpath’s ability to identify SOD and Sensitive Access risks.
- Since many of these applications involve activities outside strictly financial operations, including Sales, Warehousing, Human Resources, and Marketing, the Business Process Owners of these departments will be interested in the automated Access Reviews and Certifications available from Fastpath. These tools allow them to periodically review and certify the access their employees have to these applications.
- As more organizations move to best-of-breed applications, they must rely on the complex integration of sophisticated software to keep their business moving forward. Most of the technical aspects of the security, maintenance, and provisioning of these business applications, including SAP, NetSuite, Microsoft Dynamics, Oracle, Salesforce, and more, fall on the IT department. IT will typically manage or oversee many day-to-day tasks within Fastpath due to the ability to analyze and manage access across multiple applications and vendors.
So, where does Fastpath belong in your organization?
In the best-case scenario, Fastpath, or any security and risk management tool, would be owned collectively by the business process owners, the audit team, Finance, and the IT/Security team all working together. This is found most often in more mature organizations by implementing governance which defines key stakeholders across business and IT. Generally, the BPOs would know what their users do and the level of access they require to be the most productive. The audit team would review the BPOs’ findings and assessments and help them balance productivity with prevention and risk mitigation. The Finance department will be able to identify the areas of risk and advise on SOD mitigations. And the security team would be tasked with making the appropriate changes from those findings. An effective program must have buy-in from all stakeholders of the organization, irrespective of whose cost center is responsible for paying for the technology in the end.