It seems to be possible to break down the problem into the following user areas:
Auditors
The main issues for audit are transparency and effectiveness of the controls and related processes. The audits for access management must be undertaken within 6 week timescales and can involve a broad cross section of the management teams.
Team Leads and Heads of Function
Access management audits will cover a wide range of systems. The issues for team leads and heads of function are providing feedback on multiple lists of user accesses across a large number of systems.
The report data must be presented in an easy to understand format and not be data overwhelming to encourage the desired fast turnaround times.
IT Security
The IT security department needs to be able to extract data containing user ID and roles from multiple systems to provide the data on which to base the access management audit.
Compliance
The compliance team need a method to set the rules on who should and should not have access to certain systems, to build the “Bingo list” which User Guardian will need to show a risk rating and reports where users are approaching this level of access.