Academic journal article Journal of Accountancy

Managing Multiple Identities: Determine the Best Identity and Access Management Solution for Your Organization

Academic journal article Journal of Accountancy

Managing Multiple Identities: Determine the Best Identity and Access Management Solution for Your Organization

Article excerpt

EXECUTIVE SUMMARY

* Identity management addresses the difficulties encountered when one physical user has separate user IDs and passwords on multiple systems and applications. Access management addresses the challenges associated with the specific access rights and permissions of multiple user IDs.

* Large, complex organizations have the greatest potential to benefit from software-based IAM. Smaller organizations may find that performing an IAM readiness review could generate policy and process improvements that would facilitate initiatives that would allow the organization to realize benefits without implementing new software.

* Internal control and corporate governance are the primary drivers of IAM solution implementations. Benefits include centralized monitoring, detection of policy exceptions and segregation of duties. Other considerations include controlling access to centralized IAM, defining and tuning rules, and integrating the IAM solution with the organization's current internal control environment.

* The ideal IAM solution must effectively manage the life cycle, which runs from the creation, change and, ultimately, to the deletion of a user's multiple user IDs and associated permissions.

* Integrators should be measured on cost, functionality, track record, their expertise with existing systems, and their ability to scale with you as your business changes.

* Readiness criteria and maintenance should be determined prior to implementation.

**********

[ILLUSTRATION OMITTED]

Imagine that you're on the golf course, one of your clones is at work, and the other clone is preparing dinner. It sounds like a perfect scenario until the clone at work gets fired and the other clone burns down your house. Just as managing multiple physical identities would present challenges and expose you to greater risk, managing or auditing multiple logical identities, like user IDs, passwords, and permissions on various systems, poses a formidable challenge and greatly increases risk exposure. This is where identity and access management (IAM) comes in.

Identity management addresses the difficulties encountered when one physical user has separate user IDs and passwords on multiple systems and applications. Access management addresses the challenges associated with the specific access rights and permissions of multiple user IDs. Identity and access management becomes more burdensome as the size and complexity of the company grows. This article focuses on the benefits, risks, leading practices and audit considerations of both identity and access management.

EVALUATING THE IAM BUSINESS CASE

Generally, the larger and more complex your organization, the greater the potential benefit that would be derived from software-based IAM. Alternatively, smaller and less complex organizations may find that simply performing an IAM readiness review could generate policy and process improvements that would facilitate compliance and information security initiatives that would allow the organization to realize benefits without implementing new software.

Policy and process improvements include user ID naming conventions; process work instructions that clearly detail steps for user administration functions; defined segregation of duties policies; and user ID reviews that focus on higher risk systems. Standard cost/benefit models can be used to generate a realistic IAM business case as long as the model adequately considers implementation risks and a thorough analysis of a company's unique business circumstances.

BENEFITS OF IAM TO INTERNAL CONTROL

Compliance with Sarbanes-Oxley section 404 requirements for internal control over financial reporting is one of the primary drivers of IAM software implementations, The following are key benefits and considerations from an internal and external audit perspective:

Benefits

* Centralized monitoring, IAM software provides the ability to centrally manage and monitor user IDs and access permissions based on pre-defined roles. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.