authorization review: 6 important tips from the field
DESCRIPTION
The process of reviewing authorizations enables enterprises to verify that authorizations granted to employees are still valid. The process entails that a manager must go through each authorization allocated to each of his/her employees, and decide whether to remove or keep it. In some cases, the authorization review process ends after a single manager’s approval. In other cases, additional approval steps from senior management are required. At the end of the process, a list is produced of all the employees whose authorizations were not approved and will need to be removed. The authorization review process is required by SOX and equivalent regulations, so companies need to review their authorizations at least once a year. Many organizations perform these reviews twice a year or even quarterly, depending on legal obligations and the requirements of the company’s auditors. “Authorization Review” is also often called “Access Review” or the “Authorization Inspection” process.TRANSCRIPT
![Page 1: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/1.jpg)
Authorization Review: 6 Important Tips From The Field
Created by Xpandion
![Page 2: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/2.jpg)
Author
Moshe Panzer
CEO, Xpandion
![Page 3: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/3.jpg)
Tip #1: Prepare enough time in
advance.
![Page 4: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/4.jpg)
The average time for the first implementation is
between twoweeks to three months,
depending on the number of systems, the
readiness of the databases and the organizational
culture.
Tip #1: Prepare enough time in advance.
![Page 5: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/5.jpg)
Tip #2: Get top management support.
![Page 6: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/6.jpg)
Higher management, like the CEO and CFO, must
support this process. Involve them to ensure a review that ends on time
andsuccessfully.
Tip #2: Get top management support.
![Page 7: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/7.jpg)
Tip #3: Involve the auditor.
![Page 8: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/8.jpg)
At the end of the day, the auditor is the real customer.
Include him as early as you can for professional guidance and to gain his confidence. The auditor could appoint a representative
to participate in statusmeetings, while the auditor
himself should attend executive meetings.
Tip #3: Involve the auditor.
![Page 9: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/9.jpg)
Tip #4: Prepare proper infrastructure.
![Page 10: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/10.jpg)
To keep the implementation process running swiftly and successfully, make sure to
prepare the proper infrastructure including
hardware, software, installations and allocation of authorizations
to all systems. Failing to do this could result in
delays and the authorization review could become
disqualified.
Tip #4: Prepare proper infrastructure.
![Page 11: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/11.jpg)
Tip #5: Hold regular status meetings.
![Page 12: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/12.jpg)
During the entire implementation process, until the end of the
review, hold progress meetings to discuss timetable and remaining
tasks. Schedule in enough time
dedicated to the authorization review and for applying any
relevant changes.
Tip #5: Hold regular status meetings.
![Page 13: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/13.jpg)
Tip #6: Train the reviewers.
![Page 14: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/14.jpg)
Organize a central meeting to train all relevant
managers on the authorization review tool
and increase their confidence in the process.
Professional training ensures high satisfaction
and fast authorization reviews.
Tip #6: Train the reviewers.
![Page 15: Authorization Review: 6 important tips from the field](https://reader037.vdocuments.us/reader037/viewer/2022102804/5497f155b4795951238b46c2/html5/thumbnails/15.jpg)
Click here for a demo
Get Xpandion’s software to ensure
ERP security & authorization compliance.