Case Number 115059 - Applications' Authorization Audit System

Contact: Geoffrey Pinski
Email: pinskig@ucmail.uc.edu
Phone: 513-558-5696

Description:  We have developed web-based software to audit user access to a variety of software applications. The Sarbanes-Oxley Act requires public companies to report its internal controls over its financial reporting. In implementing said controls, many companies track and maintain access information over a variety of software systems. Many companies use a manual process to gather a list of which systems each user has access to. This list is provided to the managers to review, change or confirm users’ authorization. A report is then generated and included in the company’s SOX audit process.

Our system was developed as an automated solution for a Fortune 500 insurance company’s process. The system is configured to import data generated by a variety of applications. It further integrates with the company’s identity management system allowing managers to sign in to view a list of their employees, the applications they have access to and their access level.

Our web-based system has the following features:
  • An Import tool to import excel-format files with lists of applications and users
  • A Manager Dashboard enabling managers to review users’ access level to the different applications and confirm or change
  • A Notification tool to notify system admin with managers’ changes A Reporting tool to report on managers’ actions

    Technology: The system uses Node.JS with Express, Angular JS and Bootstrap. The system uses the following libraries and technologies under open source licenses as indicated: