Suppose you are responsible for accounts payable and receivable, and you must implement procedures to prevent a potentially risky aggregation of responsibilities for employees working in the accounting department. This policy must ensure that personnel with responsibility for accounts payable do not also have responsibility for accounts receivable.
The audit policy must contain:
A set of rules, each specifying a condition that constitutes a policy violation.
A workflow that launches remediation tasks.
A group of designated administrators, or remediators, with permission to view and respond to policy violations created by the preceding rules.
After the rules identify policy violations (in this scenario, users with too much authority), the associated workflow can launch specific remediation-related tasks, including automatically notifying select remediators.
Level 1 remediators are the first remediators contacted when an audit scan identifies a policy violation. When the escalation period identified in this area is exceeded, Waveset notifies the remediators at the next level (if more than one level is specified for the audit policy).
The Creating an Audit Policy section describes how to use the Audit Policy Wizard to create an audit policy.