
Meet the Speakers
Solving the SoD and user administration challenge for human and agentic actors
As SOX compliance expectations continued to rise, many organizations still lacked complete visibility and control over who—and what—had access to critical SAP and SOX-relevant enterprise applications.
The root issue was structural. Enterprise IAM was designed to manage identity at scale, but SOX required access governance to operate as a financial control system aligned with financial reporting risk and audit defensibility. In modern landscapes where financial processes ran across multiple systems, access could appear compliant within individual applications while still introducing material risk across the end-to-end workflow.
KPMG’s most recent material weakness study underscored the point: among companies disclosing material weaknesses, 56% cited IT, software, security, and access issues—and 43% cited segregation of duties or control design weaknesses. These control gaps drove a rising cost of compliance. The 2025 KPMG SOX Survey reported an FY24 average program effort of 15,580 hours, with 45% of organizations reporting year-over-year cost increases. When access governance was weak by design, teams compensated with manual controls, spreadsheet-driven reviews, late-cycle remediation, and repeated audit retesting—creating friction across Finance, IT, IAM, and Internal Audit.
This session addressed the identity and access breakdowns that repeatedly surfaced in audits: disconnected joiner-mover-leaver processes that created access creep, SoD conflicts that didn’t map cleanly to financial workflows across applications, privileged access that wasn’t governed as a repeatable, auditable control, and high-volume user access reviews that generated evidence but limited assurance. The speakers also addressed a fast-growing blind spot: the lifecycle and governance of non-human identities—including service accounts, bots, and automation agents—that interacted with SOX systems without consistent ownership or enforceable boundaries.
The session included a demonstration of how identity discovery, access governance, and continuous compliance monitoring could be automated across SAP and adjacent applications using a modern identity security platform


