1st December 2022, Brisbane, Australia: Following the release of its Business and Compliance Controls earlier this year, CERPASS today announced the launch of its User Access Reviews (UAR) feature to combat the ever-increasing risk of internal fraud.
“While there are plenty of variables that feed into business-related fraud, the current economic conditions is expected to further fuel an already upward trend in fraud and employee theft. Now, more than ever, there are calls for greater scrutiny and control over business activity and accessibility. This is why CERPASS’ new UAR feature is timely”, said Marissa Shipley, CEO of CERPASS.
Organisations with basic compliance structures are known to use a variety of identity and access management techniques like role-based access control to manage access privileges across their systems. Failure to account for organisational changes such as resignations, terminations, and transfers. leaves users with excessive access and the opportunity to exploit access for fraudulent purposes.
“Most companies are aware of the importance of User Access Review to enterprise security but lack the drive (or in some cases, resources) to conduct regular checks – primarily working reactively rather than proactively”, said Marissa.
“Think about the number of employee movements in your organisations, and how they are picking up different system accesses along the way”. The sum total of this presents a high risk to organisations. Controlling and regularly reviewing system access isn’t just security 101 — it is a compliance necessity!”
CERPASS’ all-new User Access Review (UAR) and Role Repository feature is purpose-built to optimise a company’s ability to proactively prevent internal fraud while also simultaneously meeting audit obligations.
The ‘Role Repository’ capability provides a listing of all roles in the connected system allowing for process and sub-process attributes. This is combined with the automatic synchronisation of any role updates including the initiation of workflows when new roles are added for security administrators to populate.
‘User Access Reviews’ may be created as a once-off or recurring review, with a static definition (including a selection of roles to be included in the review) or a dynamic definition consisting of processes, sub-processes and ownership enabling the UAR to stay updated with the role repository each time the UAR cycle commences.
KPI tiles show the UAR completion percentage and the percentage of roles that need to be reviewed in active UARs. Dashboard reports allow managers to track the number of reviews completed against those that are due in a selected time frame as well as the number of roles reviewed against those to be reviewed.
“Automating the UAR process eliminates the problem of managing access privileges manually. CERPASS’ new feature is designed to identify and mitigate potential access risks, establish a process to periodically review access privileges, increase productivity, create an audit trail of access requests and authorisations – notifying the need for proactive responses before potential disaster strikes”, said Marissa.
