Professional Documents
Culture Documents
Effective-User-Access-Reviews Joa Eng 0819
Effective-User-Access-Reviews Joa Eng 0819
produces code and performs unit testing. A of the enterprise audit and assurance program.
lead then verifies the code and test results and Determine the frequency of user access reviews
moves the code to a higher environment. The based on the criticality of the asset, the
developer cannot move the code to a higher associated risk and user movement dynamics.
environment, and the lead does not have the
ability to develop code.
• Based on the calendar of activity, automatically
triggering or manually initiating IT user access
• Making it mandatory to use an onboarding review activity
document when providing access privileges
to a user
• Using an offboarding document (figure 4) when
a user moves out of a role, team or enterprise to
• Using a calendar of activity (figure 3) to mark remove user access to tools and applications.
and initiate periodic user access reviews as part The review should be scheduled as close as
Onboarding automation:
User makes
correction to
ticket
N
Approver or approver
Ticket for delegate validates Is Access End of
Access addition the request valid provided process
Y
Offboarding automation:
User makes
correction to
ticket
N