Last week we discussed lack of visibility of access risks for management and the issues this creates. In this blog, I discuss the fifth and final issue of time and cost of audit, when no automated tools are in place.
Excessive time and cost of audit
Even before an audit, preparing for an audit is time consuming and costly.
Some external auditors will bring their own SoD tools to perform an audit. They will generally charge the client for the use of the tool and the time to set it up. For example, one of our FMCG clients had received a number of negative access audits and was being charged an additional substantive audit fee because the auditors could not place reliance on access controls in the sys.
They recently decided to implement GRC AC to address the issue, and during preparation of the business case, they found the one-off cost of the software purchase will offset the cost of the substantive audit fee.
Our clients who use AC find their auditors are willing to place reliance on the tool and the results. Customers have consequently been able to negotiate reduced audit fees of up to 30%.
Rapid Deployment Solution for AC
Turnkey Consulting Australia are the first in the country to offer a Rapid Deployment Solution (RDS) for GRC Access Control
You can be up and running with Access Risk Analysis and Emergency User Access in as little as 6 weeks for a fixed fee.
Turnkey Consulting is helping to make the world a safer place to do business by specialising its expertise across Integrated Risk Management, Identity and Access Management, and Cyber and Application Security. We provide business consulting, technology implementation and managed services to help customers safeguard their application environments - protecting critical ERPs (such as SAP, Oracle and MS Dynamics) and wider enterprise systems.