Goals of Identity Auditing

Identity auditing improves audit performance as follows:

• Identity auditing automatically detects compliance violations and facilitates swift remediation through immediate notification

  Identity Manager audit policy features let you define rules (that is, criteria) for violations. Once defined, the system scans for conditions that violate established policies, such as unauthorized access changes or erroneous access privileges. Upon detection, the system notifies the appropriate persons according to a defined escalation chain. User-invoked tasks, or workflows that are automatically invoked by policy violations, can then remediate (correct) the violation.

• Provides key information, on-demand, about the effectiveness of internal audit controls

  The Auditor Reports provide summary status information about violations and exceptions for quick analysis of risk status. The Reports tab also provides graphical reports of violations. You can view violations by resource, organization, or policy, customizing each chart according to the report characteristics you define.

• Automates certification reviews of identity controls to reduce operational risk

  Workflow capabilities enable automated notification of policy and access violations to selected reviewers.

• Prepares comprehensive reports that detail user activity and meet regulatory requirements

  The Reports area lets you define detailed reports and charts that provide information on access history and privileges, and other policy violations. The system keeps a secure and comprehensive identity audit trail that can be mined, through reporting capabilities, for access data and user profile updates.

• Streamlines the process of periodic reviews to maintain security and regulatory compliance

  Periodic access reviews can be conducted to collect user entitlement records and determine which entitlements require review. The process then notifies designated attestors of pending requests for review and updates the status or pending requests when attestor actions on the requests are completed.

• Identifies potential conflict-of-interest capabilities for user accounts

  Identity Manager provides a Separation of Duties report that identifies users with specific capabilities or privileges that could be a potential conflict of interest.