Server Error
Server Error
Server Error
Server Error
Server Error
Server Error

Account Reviews

Regularly pool user accounts from systems and review them in a portal - long

  • Episodes12
  • Duration24m 51s
  • LanguagesEN
Episode 9

Processing Feedback

How accounts are reviewed

Introduction

Once you create your account reviews the process will automatically start for the Reviewer (the person that logs into the portal to review accounts) and for the GRC professional that has an interest in this process to take place. In this episode, we explain what is expected of both of them.

First Pulls and Feedbacks

Based on your account review frequency eramba will automatically run Pulls that will read the feeds you provided and calculate what the Reviewer needs to do.

The status will change after the first pull, and typically will switch to:

  • Reviewed: This means that the pull executed and found accounts to be reviewed and someone has reviewed them already. If your account review was created with the option "Automatically Submit Empty Pulls" (only applicable to differential reviews and exit reviews) then if the pull detected nothing to report to the reviewer nothing will be required from that person and the status will switch automatically to "Reviewed".
  • Pending Review: This status indicates the pull executed and something must now be done by the "Reviewer". Until that person completes the review and submits it (using the Review Portal) the status will not go away.

If you want to know more about the pull that was executed, click on the short item that will take you automatically to the Pull tab with the list of applicable pulls for that Account Review.

You will then see the details for the pull, including audit trails (that will exactly tell you what happened) and the number of accounts and roles that were created, modified, Etc.

If you click on the shortcuts for the accounts you will be taken to the "Feedback" tab where the details of what changes occurred are recorded. Remember everything you see on the "Feedback" is also what is expected to be reviewed on the account portal by the Reviewer role.

The feedback tab includes many important columns such as what accounts were identified, what happened with those accounts (added, modified, deleted, Etc) and there were changes to their associated roles. The Feedback tab works as an audit trail of all changes done on your systems and filters and reports can be used to monitor what happens.

The Feedback tab also includes the feedback provided by the Reviewer role - the vetting is done or not? by whom? and you can also block their answers to ensure no further modifications take place after they provided their feedback.

Account Review Portal

The Reviewer will have received an email with a description of what is expected to be done and a link that will point to the review portal. As a GRC professional, you can also access the same portal using the link provided in the module menu.

After the Reviewer (or the GRC role) logs into the Account Review module they will see the full list of reviews: completed and pending.

Note: There might be Submitted reviews the Reviewer did not work on, remember if there is nothing to be reviewed (no changes on the accounts or roles) eramba will automatically set them as Submitted.

When you click "Start" the reviewer must provide feedback for every account:

  • Is the account Ok? Not Ok? or perhaps we are not sure?
  • The reviewer can also post comments and attachments for every account. Comments and Attachments will keep a trail so you will always log who said what and when.

After all answers have been responded the portal is ready to be Submitted

Analysing Feedback

As discussed the Reviewer will perform the following actions on the portal:

  • Review accounts (ok, not ok, etc)
  • Provide comments and attachments
  • Submit (or not) the review

These actions are typically also reviewed by the GRC professional that has an interest, in particular, if the review of an account is "Not Ok" or "I'm not sure". eramba has a system Dynamic Status configured that will automatically trigger a warning if Feedback contains a Review with "Not OK" or "I'm not sure".

If you want to inspect the specific feedback that created that status, then you need to go step by step. Click on the "Pull" counter to see the full list of pulls for any given AR.

And then once inside the Pull tab (see on the top of the screenshot), click on "Feedback" for the pull that has the inconvenient feedback.

That will take you to the "Feedback" tab and list all the feedback including the one that is not ok.

Whatever comment was provided can be answered directly from the review feedback. Optionally every feedback can be locked to ensure no further changes take place.

Subsequent Pulls

Imagine our first pull run and we got some of the accounts with "I'm not sure" or "Not Ok" feedback. What you typically do in such a situation is to investigate and put comments and attachments on those particular "feedbacks".