Access recertification is an information technology control that includes reviewing user access rights to see if they are proper and comply with the company's internal rules and laws. Recertification is a part of an organization's governance risk and compliance activity. Recertification or attestation are different terms for the same thing. GRC (governance, risk, and compliance) is a collection of rules and procedures that enable firms to achieve their business goals, deal with uncertainty, and behave with integrity. Depending upon the size of the company, whether public or non-pubic, and the industry they are in, such as banking or finance, etc., many companies are required by law to perform recertification or attestation of access.
...