Create Recertification Audit

The review of user access rights to see if they are proper and correspond to the organization's internal rules and compliance standards is known as an access recertification audit. The audit process first collects information from organizational systems, such as IT and business applications. The data is presented in an informative way so auditors can easily see who has access to what privileges and take action for any unauthorized accesses/privileges. EmpowerID maintains an audit trail of these access snapshots and the decisions made concerning the access. In EmpowerID, an audit is a logically named user-defined object for identifying or grouping business requests and running the Recertification policies that generate them. EmpowerID recertification audits can be scheduled to run periodically, such as on a quarterly or monthly basis, weekly, daily, or at will.

You might want to audit or certify multiple items using an audit. For example, in a Q1 audit, we would like to certify an external partner and identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies.

Key Information

  • The recertification policy defines the rules and procedures for reviewing access rights. In contrast, the recertification audit is the actual review of access rights against the company policies and regulations. An Audit can contain multiple policies enabling you to granularly configure to collect different types of data in a single audit. 

  • You can configure audits to run on schedule using the "IsTemplate" option. This allows you to create an audit as a template, which can then be configured to run at specific intervals or on specific dates. This allows for the audit process to be automated and ensures that the audit is conducted on a regular basis.

After creating an audit, you must add at least one Recertification Policy to the Audit to generate recertification tasks.

Create an audit

  1. On the navbar, expand Compliance and select Recertification.

  2. Select the Audits tab on the Recertification page and click the + icon to create an Audit.

     

  3. In the Audit Details form that appears, enter the following information and Click Save.

    • Name – Name of the Audit

    • Display Name – Display Name of the Audit

    • Creation Location – Click the Select a Location link and then search for and select the desired location.

    • Description – Description of the Audit

    • Started – Select the date you want to start the Audit.

    • Due Date – Select the date the Audit completes.

    • Audit Owner – Search for and select the person who is to be the audit owner.

    • Do No Allow Delete – Select this option if you do not want to allow the Audit to be deleted from the EmpowerID UI.

    • Enabled – Select to enable the Audit to run.

    • Is Template- Select this option to create an Audit as a template. Once you select this option, you can configure additional options for scheduling the Audit to run later or on a recurring basis.

       

  4. Audits can be scheduled to run periodically, such as on a quarterly or monthly basis, weekly, or daily; enable the settings below to audit schedule the Audit.

    • Is Template – Select this option to use this Audit as a template for quickly creating other audits. Selecting this checkbox will show another checkbox on the UI named "Enable Audit Creation on Schedule."

    • Enable "Audit Creation On Schedule - You need to select the dates and intervals on the Audit creation schedule and audit duration in days.

    • Audit Creation Schedule- Select the schedule to run the Audit. e.g., you can configure it to run on specific months of the year on a given date and time.

    • Audit Next Creation - Provide a date for the next Audit creation.

    • Audit Duration In Days- Specify the number of days the Audit will run; once the duration passes, the Audit will automatically close.

       

 

Closure of Audit

EmpowerID generates business requests and automatically routes them to auditors to make recertification decisions. Suppose these requests and items are still open or auditors haven’t yet provided a decision until audit closure. You can configure what happens to these open requests and other necessary actions once those decisions are made so that your recertification audits are completed smoothly when it is closed.

 

  • An audit is considered closed when the Due Date has been reached as specified when creating the audit.

  • A user chooses to unselect the Audit Open on the audit details page and closes the audit forcefully.

     

  • An audit is created per the schedule and completes the Audit Duration In Days.

Once the audit is closed, the recertification workflow engine will look for open business requests or items that still need certification. If any are found, the fulfillment workflow will apply the default decision provided in the policy for those open requests and close the items. This ensures that all access certification requests are handled based on the decision according to the recertification policy.


Next Steps

Add Recertification Policy to Audit

Â