AuditBoard is a cloud-based audit management software solution from the company of the same name in Cerritos.
N/A
SailPoint Identity Security Cloud
Score 7.9 out of 10
N/A
SailPoint Identity Security for the cloud enterprise manages risk from the explosion of technology access. The solution gives businesses visibility while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services.
Auditboard is especially useful for SOX control testing. It is very convenient having all our information on a single platform. It is easy to communicate PBC requests to clients, store control testing working papers for review, communicate deficiencies and build dashboards to provide visual statistics. Situations where it might not be useful are for organizations that are smaller in size where the templates don't fit well with their internal audit/controls program. There is a significant amount of testing required before using the platform, and adapting working papers to fit in well with AuditBoard
As discussed in previous sections, it does integrate well with other systems, and basic JML works well; it's very powerful and customizable in these areas (though also complex). The downsides are in areas like access reviews, where it's less customizable (no way to automatically send a review to the owner for a set of access items; each review needs an individual to be selected for it).
We used to perform our Risk Control Analysis (RCA) for each audit's planning in an Excel spreadsheet. Once we purchased the Risk Oversight module, AuditBoard helped us convert the RCA to a system function rather than a spreadsheet. At first, we lost some of the functionality the spreadsheet provided, but AuditBoard did continue to help us build and work towards a solution more similar to what we previously had. Though happy with it, it's still not perfect. As one example, I'd like to be able to link actual Ops Audit work steps that cover the risk and controls being outlined in the RCA, rather than just adding a comment to state which steps cover them. More of a preference, I suppose.
I also had demoed their beta Resources and Scheduling module, but it didn't have enough functionality at the time to work for how we put the quarterly Internal Audit schedule together (using Excel). One thing I recall was that you couldn't pull in SOX controls or non-chargeable work (such as education or administration) to auditor's schedules; it was meant to schedule the Ops Audits only. It is possible they have already fixed or improved this; I just haven't seen the updated version.
The user interface is not very intuitive. It is hard for the occasional user to navigate through the request process. There are no instructions on the screen to help the user to know what to do. It is left up to the user to figure out what to click on and how to navigate through the process.
Its a best tool for a CISO, works very well, easy to use, great connectors and integrations, great reports, automated reviews, full compliance, great support to a JML (Joiners, Movers and Leavers) project;
Always improving the UI, so it's getting better. Some areas are fully featured, but others, such as Separation of Duties reporting and policies, are very weak.
The first journey isn't easy because you need to win your internal process and problem concern and Sailpoint have many experience to support this phase, and make the real difference into the client experience;
I remember there were a lot of sync issues when I used the internally developed software, but that's probably because a few people were working on the same project at the same time. I have not come across this issue in AuditBoard
The on-prem SailPoint IdentityIQ platform provides the necessary customization that is required in our dynamic environment. Although we may look at a cloud-based Identity Management service again in the future, (there are many advantages), our identity management, authentication, and application assignment processes cannot be quickly consolidated to a single cloud-based service at this time.
Hard to quantify. It was cheaper than the tool we had and we were able to get rid of standalone tool for surveys. overall, just better user experience for all.
Over 300,000 password change/reset calls avoided to the helpdesk annually.
1,000 plus accounts with proper accesses provisioned via automated birthright processes weekly versus 1-2 days of manual provisioning and approvals. With a call center population that churns many people per week, this brings many dollars of efficiency to the operations teams.
Flexibility on terminations to manage accounts and access for target applications based on regulatory or business rules to ensure compliance and avoid fines for non-compliance.