Audit Remediation Using an Innovative Solution: Automation

A US bank needed to onboard 100+ application file feeds critical to financial reporting into their user attestation application, SailPoint. This needed to be achieved within a very short timeframe. Support for annual and ongoing terminations and transfers was also needed.  

The bank faced the following hurdles: 

• Normalizing application access control lists (ACLs) sitting on various platforms including Mainframe, AD/Windows and *nix (Unix/Linux), web-based, etc.
• Vendor managed applications vs. bank managed applications and how to obtain the ACLs on a frequent basis
• Integration of sources of enrichment e.g. ServiceNow and AD to ensure SailPoint requirements were met
• Data mapping between source application ACLs and final output required by SailPoint
• Differing variety of ACL document types (e.g. PDF, .txt, .xlsx, .xls) to be transformed into one unified template to be consumed by SailPoint
• Processing document types from different sources (e.g. email, SFTP landing zone, database, graphical user interface, terminal emulator)
• Data cleanup and remediation to reduce data issues and orphan accounts
• Implement the scope of application feeds within 2.5 months
• Audit trail of transformation to satisfy auditors/regulators

Richter helped a US bank implement an automated solution using a team of Richter Business Analysts and a vendor-automated toolset or ‘software bot’, Business Automation, Artificial Intelligence (AI) and Robotics (BAAR) from Allied Media Inc. to:

1. Automate the ingestion of 100+ application file feeds into SailPoint 

2. Centralize the maintenance of the application file feeds within the automation toolset

3. Report on the daily status of the file feeds 

In addition, Richter’s Business Analysts were able to work with application and Identity Access Management (IAM) teams to reduce data quality file feed issues encountered and also reduce the number of orphan IDs.  

As a result of the implementation of BAAR, the client was able to:

1. Perform user attestations for 100+ applications on time. 

2. Automate the ongoing removal of terminated/transferred employees

3. Report on the daily status of any of the 100+ application file feeds using BAAR and report any discrepancies timely to the required client stakeholders for resolution

4. Track each automated step through audit logging

5. Retain raw, source file feed information in the event that the auditors wanted to manually re-perform activities to prove the automated activities performed by BAAR worked as expected

6. Demonstrate to both internal/external auditors that the automation of the application file feeds were complete and accurate.