<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=523033&amp;fmt=gif">

Identify and Mitigate User Access Risk in Workday

Identity Management and Audit Reporting for Workday

Analyzing access and monitoring segregation of duties risks are on-going challenges for a complex, leading enterprise finance, HR, and planning solution like Workday. Our team of Certified Internal Auditors has analyzed the unique challenges presented by Workday and developed audit templates, segregation of duties rules, and key audit reports to achieve continuous compliance. Fastpath Assure® breaks down the complex security model of Workday into easily consumable reports that help identify the following: 

  • Security group membership
  • Domain and business process access
  • Organization restrictions
  • Risk in user access

Using Fastpath, businesses can understand their overall application security risk posture, monitor organizational security, and provide necessary documentation to internal and external auditors.

Access Risk Monitor

Fastpath’s Access Risk Monitor (ARM) allows customers to identify and mitigate user access risks by both Separation of Duties (SOD) and Sensitive Access (SA). Customers can also use ARM to produce reports that monitor access risk by user, security group, domain, and/or business process in Workday.

Use Fastpath ARM to answer questions such as:

  • Which users have access to a specific domain or business process action?
  • What security groups are providing access?
  • Which organizations is a user limited to?

ARM Separation of Duties and Sensitive Access Analysis Capabilities

ARM’s Separation of Duties (SOD) capabilities include an out-of-the box ruleset built specifically for Workday by our team of certified auditors. With over a hundred conflicts in the ruleset, you can easily add to and customize it for your specific needs. Each conflict can be assigned a risk level along with business or IT activities.

  • Extensive list of SOD conflicts specifically designed for Workday, pre-mapped to domains and business process actions.
  • Allows users to assess their SOD risk impact related to Business Process Definitions, including any routing restrictions associated with them.
  • SOD analysis can be performed by user, security group, domain, or business process.
  • Simple to review and sign-off on mitigating controls.
  • View SOD and SA risk across multiple ERP/CRM systems (e.g., Workday and Salesforce).
  • Fastpath comes with out-of-the-box connectors for many other business applications, such as Oracle, NetSuite, SAP, Microsoft Dynamics, and Salesforce. Use Fastpath’s Universal Product Integration to connect to even more applications, including legacy systems.
  • Assists in Sarbanes-Oxley (SOX) compliance in Workday.

ARM Report Scheduling Capabilities

Use prebuilt reports to quickly analyze who has access to critical data at the lowest levels to reduce the resources and time needed to conduct these reviews regularly.

  • Understand potential SOD risks before granting approval for user access requests.
  • Security reporting by user, security group, domain, and business process action.
  • Define custom report schedules (daily, weekly, monthly).

Access Certification

Fastpath’s Access Certification automates the User Access Review process by identifying users who have potential access risk and notifying the responsible Business Process Owners (BPOs). The BPOs then review and accept or reject the access privileges for those users and/or roles within their area of responsibility who pose significant risk to the organization.

Access Certification allows BPOs to schedule periodic full or rolling user access reviews and sign off on various types of access: Risk (SOD or SA), Security Group Assignment, Security Group Configuration, Business Activity, and Product (for certifications spanning multiple applications beyond Workday). These review types, risk criteria, and BPO Ownership Groups are easily configurable workflow options.

  • Schedule certifications – Define owners of the access type for review and schedule reviews for both full access reviews and rolling access reviews.
  • Document reviews – All reports can be scheduled and signed from the report window. This record can be filtered by name, date, and signing user.
  • Notify Audit or Security teams upon certification
    • Audit Team – The Audit Team will receive all notifications when a review has been completed in an Excel attachment via an email.
    • Security Team – The Security Team will receive notifications when a Product review or Security Role review has been completed with any rejected items identified to help facilitate any needed remediation requests in the target application(s).
  • Audit reports – Generate reports showing access review and certifications for internal and external audits.
Download the eBook, Workday Access Security Using Fastpath Assure, to learn more about Workday's security model and how Fastpath helps manage user access risks within Workday and other business applications.
View the Fastpath Assure for Workday product sheet.
Ready for a customized product demonstration of how Fastpath can help you manage user access security in Workday? Book a demo here.

Fastpath Assure for Workday

Our team of Certified Internal Auditors has analyzed the unique challenges presented by Workday and developed audit templates, segregation of duties rules, and key audit reports as a part of Fastpath Assure, to help you achieve continuous compliance. Read More

Use This Guide to Reduce Risk

If you're looking for a step-by-step plan to help you get started on an overall risk assessment, and a plan for correction, this paper is for you. Inside you will learn how to begin, and then execute on, developing your own risk assessment plan. Read More
RAPID INSTALL
AUDIT EXPERTS ON STAFF INCLUDING CIA, CISA, CPA & CRISC
SKILLFUL AND ATTENTIVE SERVICE & SUPPORT PROFESSIONALS
UNLIMITED USERS
How-To Risk Assessment Guide

Step-by-Step Risk Assessment Guide

If you're looking for a step-by-step plan to help you get started on an overall risk assessment, and a plan for correction, this paper is for you. Inside you will learn how to begin, and then execute on, developing your own risk assessment plan.

Download the Guide

Designing Oracle ERP Cloud Security

How-To Guide for Designing Oracle ERP Cloud Security

Building A Strong Security Architecture for Oracle ERP Cloud - Protect your company with this Step-by-Step approach. For companies looking to move to Oracle ERP Cloud, it is critical to include a strong application security design aimed to deter fraud, and ensure that transactions performed in the cloud are appropriate and authorized. Whether you're implementing or redesigning your Oracle project, follow this guide to achieve a secure Oracle ERP Cloud system and avoid the common pitfalls in the process.

Get the report here!

Use this Dynamics 365FO Matrix to Design Your Security Roles

Use this Dynamics 365FO Matrix to Design Your Security Roles


Building roles and implementing strong security in D365FO can be a daunting task, so we created a tool to assist in designing security roles for Dynamics 365 for Finance and Operations.

Get the Matrix!

Access Controls In SAP - The What And How Of SAP Security

Access Controls In SAP - The What And How Of SAP Security

Whether you know the importance of access controls or not, implementing and maintaining them can still be a difficult part of your SAP security plan. This eBook reviews what access controls are, how SAP handles them, how you should implement and maintain them, and even suggests some tools to make the process easier on you.

Download the Paper