Understanding Your Report
How to read and act on your AI-generated IAM assessment report.
Every Compass discovery generates a structured report with multiple sections. This guide explains what each section contains and how to use it effectively.
Report Structure
A typical Compass report includes the following sections:
Executive Summary
A high-level overview of your IAM posture, written for stakeholders who need the key takeaways without technical detail. Includes:
- Overall maturity assessment
- Top-priority risks
- Strategic recommendations
- Confidence level based on available data
Key Metrics
Quantified measurements pulled from your connector data and analysed by the AI. Common metrics include:
| Metric | What It Measures |
|---|---|
| Orphan Account Rate | Percentage of accounts with no active owner |
| MFA Adoption | Percentage of users with multi-factor authentication enabled |
| Certification Completion | Percentage of access reviews completed on time |
| Average Provisioning Time | How long it takes to grant access from request to fulfilment |
| Privileged Account Ratio | Percentage of accounts with elevated privileges |
| Stale Account Rate | Accounts with no activity in 90+ days |
Each metric includes:
- Current value from your connector data
- Industry benchmark for comparison
- Trend indicator (if you've run previous discoveries)
- Confidence level indicating data completeness
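To sanity-check the reported values, you can recompute the ratio metrics from a raw account export. The sketch below is an added example, not Compass code: the field names, the sample data, and the interpretations (MFA measured over human users only, stale rate expressed as a percentage, never-used accounts aged from their creation date) are assumptions, and Compass may calculate these differently.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # "no activity in 90+ days" per the metrics table

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def acct(id, type, owner, mfa, privileged, created, last_activity):
    return dict(id=id, type=type, owner=owner, mfa=mfa, privileged=privileged,
                created=created, last_activity=last_activity)

# Constructed sample export; this schema is hypothetical, not Compass's.
ACCOUNTS = [
    acct("alice", "user", "alice", True, False, utc(2022, 1, 10), utc(2024, 5, 30)),
    acct("bob", "user", "bob", False, True, utc(2021, 3, 2), utc(2024, 2, 1)),
    acct("carol", "user", "carol", True, False, utc(2020, 7, 9), utc(2023, 11, 15)),
    acct("svc-backup", "service", "carol", False, True, utc(2022, 5, 1), utc(2024, 5, 31)),
    acct("svc-legacy", "service", None, False, False, utc(2023, 1, 5), None),
]
ACTIVE_OWNERS = {"alice", "bob"}  # constructed: identities still active in HR

def pct(part, whole):
    """Percentage to one decimal place; 0.0 when the population is empty."""
    return round(100.0 * part / whole, 1) if whole else 0.0

def is_orphan(a, active_owners):
    # No owner recorded, or the recorded owner is no longer active.
    return a["owner"] is None or a["owner"] not in active_owners

def is_stale(a, now):
    # An account that was never used is aged from its creation date.
    reference = a["last_activity"] or a["created"]
    return now - reference >= STALE_AFTER

def iam_metrics(accounts, active_owners, now):
    users = [a for a in accounts if a["type"] == "user"]
    total = len(accounts)
    return {
        "orphan_account_rate": pct(sum(is_orphan(a, active_owners) for a in accounts), total),
        "mfa_adoption": pct(sum(a["mfa"] for a in users), len(users)),
        "privileged_account_ratio": pct(sum(a["privileged"] for a in accounts), total),
        "stale_account_rate": pct(sum(is_stale(a, now) for a in accounts), total),
    }

if __name__ == "__main__":
    for name, value in iam_metrics(ACCOUNTS, ACTIVE_OWNERS, utc(2024, 6, 1)).items():
        print(f"{name}: {value}%")
```

A large gap between these figures and the report usually points to a scoping difference, such as whether disabled or service accounts are counted, rather than a data error.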
Key Findings
Prioritised issues discovered during analysis, each with:
- Severity — Critical, High, Medium, or Low
- Category — Governance, Operations, Security, or Compliance
- Description — What the issue is and why it matters
- Evidence — Specific data points that support the finding
- Recommendation — What to do about it
Action Plan
A prioritised roadmap of recommendations, ordered by impact and effort:
- Quick wins — Low effort, high impact changes you can make immediately
- Strategic initiatives — Larger projects that address root causes
- Long-term improvements — Foundational changes for sustained maturity
Each action includes estimated effort (days/weeks), expected impact, and which findings it addresses.
Benchmarks
How your metrics compare to industry standards and peer organisations. Benchmarks are sourced from published IAM industry reports and adjusted for your organisation's size and sector.
Compliance Scoring
Gap analysis against common compliance frameworks:
- SOX — Segregation of duties, access certification, audit trails
- HIPAA — Access controls, audit logging, workforce security
- NIST 800-53 — Identity governance, privileged access management
- ISO 27001 — Access management controls, monitoring
Each framework section shows your current compliance percentage and specific gaps to address.
Report Versions
Every time you rerun a discovery, Compass creates a new version of the report. Versions are numbered as follows:
- v1.0 — Initial report
- v1.1 — After calibration or refinement
- v2.0 — After a rerun with fresh connector data
Each version includes comparison notes showing what changed and why, so you can track improvements over time.
Acting on Your Report
- Share with stakeholders — The executive summary is designed to be shared with leadership
- Prioritise the action plan — Start with quick wins to build momentum
- Calibrate if needed — If a finding doesn't match your context, use Calibration (Pro plan) to refine the AI's assumptions
- Dig deeper — Use Dig Deeper (Pro plan) to explore specific findings with follow-up analysis
- Rerun regularly — Rerun discoveries monthly or quarterly to track progress against your action plan