I don't know of any automated programs that perform audits on these products. Usually, I do an assessment using the control practices described in the Cobit 4.1 Change and Config high level IT processes.
For example, I confirm that there is a separation of duties and there is full trace ability for all changes. A lot depends on what industry you are in and what regulatory requirements are driving your audit.
Editor in Chief, CM Crossroads
Having administered Harvest over 3 or 4 versions of the product I would say what you want is basically built in. You would just need the proper sql queries to glue the access control information together. Each installation is a custom configuration and frankly each project inside it can be different from the others.
I have had to generate SOX, PCI and HIPAA reports showing separation of roles and such. All of which were sql queries.
CMCrossroads is a TechWell community.
Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.