Tuesday, July 27, 2010

Material Weakness Reported by KPMG in Internal Controls for User Access


KPMG recently reported “access controls contribute to a … significant deficiency that is considered a material weakness in IT controls” at the Federal Emergency Management Agency (FEMA). (a)
CFOs lost their jobs within 3 months of reporting a material weakness in more than 60% of such cases. - A.R.C. Morgan (b)
Specific weaknesses highlighted by KPMG include:
  • Application, database, and network accounts were not periodically reviewed for appropriateness and resulted in inappropriate authorizations and excessive access rights.
  • Application, network, and remote user accounts were not disabled upon personnel termination.
The importance placed on weaknesses in internal controls for user access is understandable in light of IDC reporting that “Out-of-date and/or excessive privileges and access control rights for users are viewed as having the most financial impact on organizations.”(c)
"Deficiencies identified in FEMA's access controls increase the risk that employees and contractors may have access to a system that is outside the realm of their job responsibilities. – KPMG FEMA Report (a)
Material weaknesses at FEMA are estimated to take several years to remediate using conventional methods, but the Veriphyr Identity and Access Intelligence Service can put a sustainable internal controls in place in days, not months. Moreover, this can be done with zero hardware, zero software, and no work.

The Veriphyr identity and access intelligence service applies analytics to data you already have and eliminates the grunt work of identifying user access policy violations. Plus the Veriphyr identity and access intelligence service delivers actionable remediations and monitors the resolution of the remediations.

If you want to avoid a material weakness of internal controls in your next audit be sure to view a video demonstration of the Veriphyr identity and access intelligence service.

Sources:
(a) Information Technology Management Letter for the Federal Emergency Management Agency Component of the FY 2009 DHS Integrated Audit
(b) A.R.C. Morgan: More than 60 Percent of CFOs Resign or are Pushed when a Material Weakness is Disclosed
(c) Insider Risk Management: A Framework Approach to Internal Security” by IDC

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.