We have developed web-based software to audit user access to a variety of software applications. The Sarbanes-Oxley Act requires public companies to report its internal controls over its financial reporting. In implementing said controls, many companies track and maintain access information over a variety of software systems. Many companies use a manual process to gather a list of which systems each user has access to. This list is provided to the managers to review, change or confirm users authorization. A report is then generated and included in the company's SOX audit process.
Our system was developed as an automated solution for a Fortune 500 insurance company's process. The system is configured to import data generated by a variety of applications. It further integrates with the company's identity management system allowing managers to sign in to view a list of their employees, the applications they have access to and their access level.
Our web-based system has the following features:
- An Import tool to import excel-format files with lists of applications and users
- A Manager Dashboard enabling managers to review users access level to the different applications and confirm or change
- A Notification tool to notify system admin with managers changes a reporting tool to report on managers actions
The system uses Node.JS with Express, Angular JS and Bootstrap. The system uses the following libraries and technologies under open source licenses as indicated:
- Node.JS: https://github.com/joyent/node/blob/master/LICENSE
- Bootstrap: http://getbootstrap.com/getting-started/#license-faqs
- jQuery: https://jquery.org/license/
- AngularJS: https://github.com/angular/angular.js/blob/master/LICENSE
- Express: https://github.com/strongloop/express/blob/master/LICENSE