Because years of changes had resulted in multiple layers of user access, determining role changes and making roles risk-free was a monumental task. In addition, the security request process needed to be revamped to avoid risks and excessive access on a proactive basis. A parallel effort was initiated to implement a new process using GRC Access Request Management (ARM) and a task-based role design. The revamped process provides a leaner role population more closely aligned with access needs. The task names are easily identified by business users and replace the risk-prone “model” user approach.
A pilot of the approach was undertaken with three business areas. This enabled us to complete the proof of concept and to determine the benefits for an enterprise-wide rollout. There was one global department, one with multiple areas located in the headquarters, and one group with multiple geographic locations. An analysis of transaction usage among the users in each of the groups was used to determine the necessary transactions. In addition, controls by organizational area were, where necessary, also analyzed from transaction history. A comparison of the new accepted, tested roles revealed a 44% reduction in access and 100% removal of access risks.