User Access Recertification Risk Ranking
Description
Prioritize access reviews by privileged roles, dormant accounts, contractor status, separation date, and prior control findings.
AI / analytics pattern
ML risk scoring + rules
Automation level / stage
human-in-the-loop analytics
Expected benefit
High-value DoD FM productivity, auditability, data-quality and control improvement.
Audit / financial statement impact
Control environment; reliability of financial systems and reports
Controls / human review
Human approval required before posting, payment, denial, personnel action, or official audit response; model validation; drift monitoring; exception sampling; full prompt/data/output logging.
Data needed
ICAM, SailPoint, MyAuth, ERP roles, audit logs, control catalogs, system access reviews; transaction history; audit evidence; reference data; control requirements.
Possible metrics
dollars impacted; exceptions resolved; aged balance reduction; cycle time; NFR closure; audit sample pass rate
MVP scope
Build as a controlled pilot using one Component/process, read-only dashboards, and documented human signoff.
Related material weakness / control objective
Systems control environment and IT access controls