1. W E D N E S D A Y , N O V E M B E R 2 0 , 2 0 1 3
Access Rights Review

2. 5/19/2016
Governance Model
1
Purpose
The Need
Shared Ownership
Key Elements
Audit Team
Department Reviews
New Access Management Policy
Access Rights Review Process
Schedule (up to Pilot, after Pilot)
Schedule A – Periodic Reviews
11/20/2013

3. Create a reliable and
consistent corporate model
to identify and evaluate user
access rights that is….
Purpose
11/20/2013
In compliance with the security and risk
management process.
2

4. The Need
11/20/2013
1
• Response to internal and external Audits
2
• Culture of compliance – “it’s the right thing to do”
3
• Enforce the Principle of “least privilege”
4
• Identify access and permissions to MeM systems
5
• Detect inappropriate access to MeM systems
6
• Correct inaccuracy access thus reducing risk for the
organization
3

5. Shared Ownership
11/20/2013
Re s p o n s i b i l i t yOwn ers h ipAu th ority
EXECUTIVE
TEAM
INITIATIVE FINANCE
PROCESS IS OPERATIONS
DATA BUSINESS UNITS
4

6. Key Elements
11/20/2013
Coordinate/
Conduct
Process
Review &
Approve
Schedule
Approve
Reports
Approve
Process
Coordinate
Kickoff
Review
Findings
Integrate
Corporate
Policies (3)
Schedule
Identify
Systems to
Review
Determine
Periodic
Reviews
Determine
Start/End
Dates
Determine
Data Owner
Get
Schedule
Approval
Reports
Identify
Reports
Determine
Report
Data
Determine
Report
Format
Determine
Delivery
Method
Get
Report
Approval
Pilot
Determine
Process
Select
System to
Pilot
Perform
Process
Review/
Fine-Tune
Process
Get
Process
Approval
5

7. Audit Team
11/20/2013
Audit
Team
Finance
(Controller or
External Auditor)
Compliance
(Compliance
Manager)
6

8. Audit Team
Data Owners
IT
11/20/2013
Department Reviews
7

9. 11/20/2013
New Access Management Policy
8

10. 11/20/2013
9
7.1 Department Reviews Process

11. 11/20/2013
10
7.2 Audits Process

12. 11/20/2013
11
Schedule (Up to Pilot)

13. 11/20/2013
12
Schedule (after Pilot)

14. 11/20/2013
13
Periodic Reviews

15. 11/20/2013
14
Questions
Q & A