This project simulates an enterprise identity and access risk review performed by GRC, IT Risk, Cyber Risk, and Internal Audit teams to detect excessive privileges, segregation of duties (SoD) violations, terminated-but-active accounts, and behavioral risk indicators.
The objective is to identify control failures, quantify access risk, and produce audit‑ready outputs that support remediation prioritization and compliance decision‑making.
- Identify privileged access exposure on critical systems (ERP / IAM / GL)
- Detect Segregation of Duties (SoD) violations (create + approve conflicts)
- Flag terminated users retaining privileged access (critical control failure)
- Detect behavioral risk indicators (failed login attempts)
- Quantify access risk using a scoring model and risk tiers
- Produce structured audit and management review outputs
The dataset contains simulated enterprise access data including:
- User identity and role information
- System access and privilege levels
- Create and approve permissions
- Login behavior and activity recency
- Termination status
This structure mirrors data commonly reviewed during SOX access reviews, IAM certifications, and cyber risk assessments.
The following high‑risk scenarios are identified and classified:
- High privilege users on critical systems (ERP, IAM, GL)
- Users who can both create and approve transactions or records
- Users marked terminated who still retain high‑privilege access
- Repeated failed login attempts (potential brute force or account compromise)
Each scenario is assigned weighted risk scores and aggregated into an overall access risk tier (Low / Medium / High).
-
Import and normalize access control data from CSV
-
Clean boolean and categorical fields (Yes/No, privilege levels)
-
Apply scoring logic for:
- Privilege severity
- System criticality
- SoD conflicts
- Termination exposure
- Behavioral indicators
-
Aggregate scores into a total risk score
-
Classify users into Low / Medium / High risk tiers
-
Flag priority audit findings using rule‑based classification
-
Produce summary tables for management and audit review
- SQL – access classification, SoD detection, and risk flag logic
- Excel – risk scoring model, tier classification, and audit summaries
- GRC / IAM Control Logic – SOX, least‑privilege, and access governance concepts
- GitHub – documentation and portfolio publishing
enterprise-access-risk-analysis/
├── data/
│ └── user_access_logs.csv
├── analysis/
│ └── access_risk_scoring.xlsx
├── sql/
│ └── privileged_access_analysis.sql
├── screenshots/
│ ├── audit_summary_metrics.png
│ ├── high_risk_users.png
│ ├── scoring_model.png
│ ├── sod_violations.png
│ ├── privileged_accounts.png
│ └── failed_log_risk.png
└── README.md
Overview of total high‑risk users, SoD violations, terminated privileged accounts, and failed login risks.
![Audit Summary Metrics]
Users classified as High Risk based on privilege severity, system criticality, and control violations.
![High Risk Users]
Scoring logic and tier classification applied across privilege, system, behavior, and control factors.
![Scoring Model]
Users with conflicting create‑and‑approve permissions representing major internal control violations.
![SoD Violations]
Former users retaining high‑privilege access — a critical access governance failure.
![Privileged Accounts]
Users exhibiting repeated failed login attempts and abnormal activity patterns.
![Failed Login Risk]
This project reflects real workflows used in:
- Identity & Access Management (IAM)
- IT Risk & Cyber Risk programs
- SOX and Internal Audit access reviews
- Access certification and recertification cycles
- GRC control testing and remediation tracking
- Access governance and least‑privilege analysis
- Segregation of duties (SoD) control testing
- Privileged access risk detection
- Behavioral and cyber risk indicators
- Risk scoring and tier classification
- Audit‑ready documentation and reporting
- SQL‑based control analytics
Enoch Fatade Certified Third‑Party Risk Professional (CTPRP) Risk, GRC, and Analytics Portfolio Project