Does anyone have a client who relies only on the user access recerts as their control? Client wants to remove the transactional term control and rely solely on the UAR.


UAR is a detective monitoring control which cannot replace a preventative control. Depending on how often your client performs the UAR (usually every 6 months) that can open risk for someone having inappropriate risk for a long period of time and no one will notice.


What is recert?

Recertification, it's just a UAR

Relying solely on UAR can have its advantages - like risk mitigation - it can help identify and address potential segregation of duties (SoD) conflicts or unauthorized access!

Are they performing a look back as part of their access review for users marked as removals (to mitigate risk of access not being termed timely via a term control)? If not, it would likely not fully cover the risk especially if they are only executing a few times a year.
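
The look-back described in the comment above, sketched as an added example that is not part of the original thread: for each account marked for removal in the UAR, it measures the gap between termination and removal and checks the application's activity log for use in that window. The field names, the sample records, the one-day SLA and the choice to treat termination-day activity as legitimate are all assumptions.

```python
from datetime import date, datetime

# Constructed sample: accounts marked "remove" in one UAR cycle.
REMOVALS = [
    {"user": "jdoe", "app": "ERP", "terminated": date(2024, 1, 10), "removed": date(2024, 3, 4)},
    {"user": "asmith", "app": "ERP", "terminated": date(2024, 2, 20), "removed": date(2024, 3, 4)},
    {"user": "bwong", "app": "HRIS", "terminated": date(2024, 3, 1), "removed": date(2024, 3, 2)},
]

# Constructed application activity log: (user, app, timestamp, action).
ACTIVITY = [
    ("jdoe", "ERP", datetime(2024, 1, 9, 16, 30), "post_journal"),
    ("jdoe", "ERP", datetime(2024, 2, 2, 23, 5), "post_journal"),
    ("asmith", "ERP", datetime(2024, 2, 19, 11, 0), "view_report"),
    ("bwong", "HRIS", datetime(2024, 3, 1, 9, 0), "login"),
]

SLA_DAYS = 1  # assumed removal SLA; use the client's documented one


def look_back(removals, activity, sla_days=SLA_DAYS):
    """Classify each UAR removal by what happened between termination and removal."""
    findings = []
    for r in removals:
        exposure = (r["removed"] - r["terminated"]).days
        # Activity strictly after the termination date, up to the removal date.
        # Assumption: activity on the termination day itself is legitimate.
        hits = [
            (ts, action)
            for user, app, ts, action in activity
            if user == r["user"] and app == r["app"]
            and r["terminated"] < ts.date() <= r["removed"]
        ]
        if hits:
            status = "exception"      # account was used after termination
        elif exposure > sla_days:
            status = "late_removal"   # unused, but open longer than the SLA
        else:
            status = "ok"
        findings.append({"user": r["user"], "app": r["app"],
                         "exposure_days": exposure, "status": status,
                         "post_term_activity": hits})
    return findings


if __name__ == "__main__":
    for f in look_back(REMOVALS, ACTIVITY):
        print(f["user"], f["app"], f["exposure_days"], f["status"], f["post_term_activity"])
```
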

Are they relying on a mitigating control? I.e. timely network terms control may mitigate app term control gap if the app has a network authentication req.

OP stated they didn't want a term control.

🤣🤣🤣🤣
