Identity And Access Management
An identity and access management (IAM) system is a framework for business processes that facilitates the management of electronic identities. The framework includes the technology needed to support identity management. IAM technology can be used to initiate, capture, record and manage user identities and their related access permissions in an automated fashion. This ensures that access privileges are granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited. Poorly controlled IAM processes may lead to regulatory non-compliance because if the organization is audited, management will not be able to prove that company data is not at risk of being misused.

Identity and access management (IAM) is the process of managing who has access to what information over time. This cross-functional activity involves the creation of distinct identities for individuals and systems, as well as the association of system and application-level accounts to these identities. IAM processes are used to initiate, capture, record, and manage the user identities and related access permissions to the organization’s proprietary information. These users may extend beyond corporate employees. For instance, users could include vendors, customers, floor machines, generic administrator accounts, and electronic physical access badges. The means used by the organization to facilitate the administration of user accounts and to implement proper controls around data security form the foundation of IAM.

Although many executives view IAM as an information technology (IT) function, this process affects every business unit throughout the organization. For instance, executives need to feel comfortable that a process exists for managing access to company resources and that the risks inherent in the process have been addressed. Business units need to know what IAM is and how to manage it effectively.
IT departments need to understand how IAM can support business processes and then provide sound solutions that meet corporate objectives without exposing the company to undue risks. Addressing all of these needs requires a solid understanding of fundamental IAM concepts. In addition, information must be obtained from business and IT management to understand the current state of company-wide IAM processes. A strategy, then, can be developed that is based on how closely existing processes align with the organization’s business objectives, risk appetite, and needs.

Matters to be considered when developing an IAM strategy include:
• The risks associated with IAM and how they are addressed.
• The needs of the organization.
• How to start looking at IAM within the organization and what an effective IAM process looks like.
• The process for identifying users and the number of users present within the organization.
• The process for authenticating users.
• The access permissions that are granted to users.
• Whether users are inappropriately accessing IT resources.
• The process for tracking and recording user activity.

As an organization changes, so too should its use of IAM processes. Therefore, as changes take place, management should be cautious that the IAM process does not become too unwieldy and unmanageable or expose the organization to undue risk due to the improper use of IT assets.

Article source: http://searchsecurity.techtarget.com/definition/identity-access-management-IAM-system
Article source: http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/IdentityandAccessManagement/DownloadableDocuments/GTAG9IdentAccessMgmt.pdf
