SOX 404 Requires Periodic User Access Reviews
The Sarbanes-Oxley Act of 2002 was established to protect shareholders from accounting errors and fraud by public companies. Among other requirements, the Act created auditing and control requirements, including IT controls around user access rights.
One of the most challenging SOX 404 requirements is the periodic review of user access rights. Also known as a user entitlement review, companies must review access to systems that materially affect a company’s financial records. These reviews are most often performed quarterly and create a tremendous burden as staff collect user access data, then send out volumes of spreadsheets waiting for replies from managers and business owners.
SCC created Access Auditor to automate this entire process and eliminate the spreadsheet rodeo. Within a matter of days, our customers can launch simple access reviews with Access Auditor.
Many of our customers previously spent an entire month just collecting and collating their access rights data, followed by another month of email and follow-ups attempting to complete the review. Those same companies now have data automatically loaded into Access Auditor, and can start the next entitlement review with the push of a button.
Related Information
Cloud Marketing Leader Responsys Automates Identity Governance (IAG) with Access Auditor®
Access Auditor Brochure
Automates User Access Reviews and Identity Governance
Starwood Hotels Simplifies User Access Rights Controls for PCI and SOX with Access Auditor®
Successful Customers
The Access Auditor product provided the right balance of features and simplicity, being able to handle both our in-house custom applications as well as our cloud vendors like salesforce.com, Workday, and Coupa.