In most organizations, data about what entitlements users have exists solely inside individual systems and applications. This makes it difficult for auditors to answer simple questions, such as:
When these questions are hard to answer, they are rarely asked. This weakens internal controls.
Identity Manager can be used by organizations to more readily audit user entitlements, including change history and policy violations.