1. Using Risk and Security Snapshot Report
  2. Summary Worksheets

Summary Worksheets

Four worksheets provide summaries of the overall analysis and of access and transaction results. Click the following tabs to review them.

  • Summary Table is the initial worksheet in every report. It provides an ID number and submission date for the analysis job, the name of the user who ran the analysis, the business process it examines, and the analysis period. It also provides distinct lists of all the access algorithms and all the transaction algorithms used in the analysis.

    Each row in each of the lists includes information about an algorithm the job has run, an "internal control" for which the algorithm detects issues, a risk that the control guards against, and a business process affected by the risk. For each of these elements, you'll see a name, a reference code, and a description. (A process name comprises three levels describing a focused effort within a larger process.) Each row also provides a summary of its algorithm's results.

    The application limits each algorithm to a maximum of 5,000 result records. This both ensures a meaningful set of results for investigation and increases the likelihood that the analysis job will run within twenty-four hours. In each row, a value in an Algorithm Results Truncated column tells whether results are truncated or complete.

  • Intrarole Access Risks is included if the analysis runs at least one access algorithm. It identifies roles that can't be assigned to any user without some risk, because each role contains access issues on its own. Each row shows the name of a role, the number and names of the algorithms it's violated, and the number of users assigned the role.

  • User Access Risks is also included if the analysis runs at least one access algorithm. Each row gives the name of a user (and that user's position and manager), the number and names of the algorithms violated by that user's role assignments, and the number of unique paths that lead from a job role the user is assigned to another role or privilege involved in a conflict defined by the algorithm.

  • Transaction Risk Summary is included if the analysis runs at least one transaction algorithm. Each row gives the name and a brief description of a transaction algorithm, the number of result records the algorithm has returned, and (if appropriate) the monetary value of the transactions that violate the algorithm.