Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

How to lessen the pain points of user access reviews

Application Risk Insights



As businesses accelerate their digital transformation, user access reviews (UAR) have become a major priority for modern enterprises to support their evolving workforce and customers. Once viewed as an operational back-office issue, UARs are now gaining board-level visibility to stay compliant and manage risks effectively.

However, managing UARs can be difficult, but by understanding their pain points organizations can put together a framework to help lessen their complexities and discover ways to improve the process.

UAR is the process of periodically re-certifying the appropriateness of logical user access and security entitlements for production applications. Executing periodic UARs is a key control that verifies the adherence of user community to the risk-based principle of least privilege and ensures access is limited to the right users within the organization.

A well-defined, documented UAR policy helps mitigate potential risks and control failures while providing auditable evidence for satisfying compliance requirements, such as SOX, which mandates firms to know who has access to secure data.

The need to control who has access to what systems and data is more than just a matter of enterprise security-it’s a compliance necessity as well. Conducting user account review periodically is critical for monitoring, managing, and auditing the user account lifecycle to prevent potential risk concerns. UAR shouldn’t be the tool you use to clean up access once a year, instead, it should validate the appropriateness of the work you’ve been doing all year. By being able to control “who has access to what” from the initial access request approval process to the fulfilment of access on target systems, UARs enable organizations to improve their overall security posture and prevent inappropriate access from being granted.

Watch webcast replay

Dive into our thinking:

How to lessen the pain points of user access reviews

Download PDF

Explore more

Popular category topics

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.