Identity lifecycle control review
In progressInternal audit
Evidence collection is on track, but joiner-mover-leaver exception handling still needs one revised control narrative.
Lead: Risk team
Due Apr 4
3 artifacts pending
Technology Services
Audit Reporting
A working audit-view mock for findings, evidence deadlines, and remediation ownership while the true audit backend is still pending.
Demo data Updated 15 min ago
18Open Findings
Across internal review, identity controls, and vendor evidence requests.
2Critical Findings
One identity control gap and one unsupported admin workflow.
6Evidence Due
Artifacts requested within the next 14 days.
Active Audits
Representative engagements and checkpoints that a real audit module would expose first.
Endpoint privilege management follow-up
Evidence requestedSecurity operations
Auditors want proof that local admin exception reviews are happening on the promised cadence.
Due in 6 days
2 screenshots missing
Owner: Security
Vendor access recertification sample
PlannedQuarterly review
A targeted sample of privileged vendor accounts is being checked against current sponsorship and contract dates.
Starts Monday
12 accounts
Owner: IAM
Priority Findings
High-value fake findings that make the route useful during demos and navigation testing.
Severity 1Critical
Admin break-glass account review not evidenced
The review process exists, but the artifact trail is inconsistent across monthly control packets.
Severity 2Needs remediation
Service catalog ownership fields inconsistent
Several services list outdated owners, which weakens downstream SLA and escalation accuracy.
Severity 3Observation
On-call swap approvals not centrally retained
Teams messages exist, but there is no durable record suitable for audit evidence after the shift closes.