Guidance: Auditing Identity and Access Management


Identity and access management covers the policies, processes, and tools for ensuring users have appropriate access to IT resources.

The “Auditing Identity and Access Management” GTAG will help internal auditors understand key terms and how to approach an audit to ensure their organization’s IAM protocols help mitigate potential security and regulatory risks. This knowledge will help internal auditors provide assurance that controls for managing access to IT resources are well designed and effectively implemented.

This guidance will enable internal auditors to understand:

  • IAM and develop a working knowledge of relevant processes, including related governance and security controls.
  • Risks and opportunities associated with IAM.
  • Components of the IAM process, including provisioning IDs, administering and authorizing access rights, and maintaining enforcement through authentication, reauthorization reviews, and automated account deactivation processes.
  • Some of the considerations and strategies for implementing IAM controls.
  • The basics of auditing IAM, including specific controls that should be evaluated.

Terug naar het nieuwsoverzicht

IIA Nederland

Burgemeester Stramanweg 105F
1101 AA Amsterdam
Contact opnemen

Audit Magazine

Audit Magazine


IIA is dé toonaangevende beroepsorganisatie voor internal auditors. Een lidmaatschap laat u delen in de collectieve kennis van alle vakgenoten in de wereld.
Meer informatie