Suppose you are responsible for accounts payable and receivable and must implement procedures to prevent a potentially risky aggregation of responsibilities in employees working in the accounting department. This policy must ensure that personnel with responsibility for accounts payable do not also have responsibility for accounts receivable.
The audit policy will contain:
A set of rules. Each specifies a condition that constitutes a policy violation.
A workflow that launches remediation tasks.
A group of designated administrators, or remediators, with permission to view and respond to policy violations created by the preceding rules.
After the rules identify policy violations (in this scenario, users with too much authority), the associated workflow can launch specific remediation-related tasks, including automatically notifying select remediators.
Level 1 remediators are the first remediators contacted when an audit scan identifies a policy violation. When the escalation period identified in this area is exceeded, Identity Manager notifies the remediators at the next level (if more than one level is specified for the audit policy).
The next section, “Working with Audit Policies,” describes how to use the Audit Policy Wizard to create an audit policy.