Account Access Request Application
Learning Team A:
Kelly Benavides, Glenn Eldridge, Macgregor Felix,
Dorothy Hulan, Dave Patterson & Peter Peterson
Project Planning and Implementation
February 2, 2005
This paper presents the concept and definition of the Account Access Request Application project. The project aims to deliver an application that will provide an online mode of access to Company A (the company)'s resources for its some 1000 employees. The continued growth dictates the company solution be scalable , while the current external political and financial atmosphere requires compliance to new internal audit regulations. With such sizable impetus, reducing costs, eliminating delays, decreasing errors, and producing internal audit reports are part of the audacious goals of the project. The following pages will attempt to define the Account Access Request Application product, the project objectives, its mission and goals, its approach, its organization, and the various tasks and responsibilities.
Account Access Request Application
The need for access provisioning solutions is necessary as applications and systems require specific access, and security becomes a number one issue throughout the industry. There is currently no online method to request access to systems resources within the 1000-employee company. The current process to gain access to any of Company A's resources is to contact the Technical Response Center (TRC). The TRC administrator creates a tracking ticket. The administrator requires validation from the requestor. In some cases, the administrator will be required to get approval from the resource owner. Once the request is complete, the TRC administrator manually creates the access and gives the password to the requester. The tracking ticket is then closed. The process can take anywhere from 2 to 3 days. According to article 2, section 404 of the Sarbanes-Oxley of 2002; we are required to establish and maintain an adequate internal control structure and procedures for financial reporting (AICPA, 2004). This means that our critical business systems need to have a secure process for requesting access and the level of access is granted to only those authorized. In addition, the entire process should be well documented and the access data is available for reporting and periodic audits. The application will need to be scalable
to handle increasing resources, data, and a growing employee population. It should also be flexible to allow for new technology advancements in automation, such as, automatically creating accounts on systems, applications and databases.
Once the need for the application is understood, the project objectives are defined. These objectives will guide the project team in the development of the project recommendation and project plan. Three key objectives have been defined. Objective one will verify that the project aligns with departmental and company goals. It is important to know, if an executive strategy, such as the outsourcing of company systems to a vendor. A second key objective will build an IT recommendation or proposal for executive approval. This proposal will include all of the necessary information for the executive to make a decision. The third objective, to install the Access Administration system, sets the ultimate objective of the project. Once the application is installed and tested, the project can begin its closeout phase. Mission and Goals
The mission of this project is to provide rapid access to system applications for employees from any device or connection within the company while decreasing the workload of the IT department. According to IBM, the benefits to the company are consistent security implementation across the organization while simplifying management through a single interface (IBM. 2004). Goals of this project include: Reduce...