job Kontroll og sikkerhet

Auditing Identity and Access Management

This GTAG will help internal auditors understand key terms and how to approach an audit to ensure their organization’s IAM protocols help mitigate potential security and regulatory risks.

New GTAG from IIA

This guidance will enable internal auditors to understand:

  • IAM and develop a working knowledge of relevant processes, including related governance and security controls.
  • Risks and opportunities associated with IAM.
  • Components of the IAM process, including provisioning IDs, administering and authorizing access rights, and maintaining enforcement through authentication, reauthorization reviews, and automated account deactivation processes.
  • Some of the considerations and strategies for implementing IAM controls.
  • The basics of auditing IAM, including specific controls that should be evaluated.