The main concern to most customers, when it comes to managing access risk, is how to make access governance more secure while maintaining a high degree of compliance and transparency. While risk modeling is one way to achieve such a goal, there are far simpler and more immediate approaches that can help identify and mitigate risk in access governance. Identifying access anomalies and recommending proper actions can improve security by mitigating the risks & liabilities that these anomalies pose to the system. First, we need to define what 'normal' is. Analytics of traditional tabular data might help but can only go so far. What we need is a robust data structure that provides a faithful representation of the access ecosystem. We can then take advantage of the inherent 'aesthetics' of this data structure to define normalcy. In this talk, we will give an overview of a network graph approach that lays the foundation for an outlier detection & management engine that allows the user to proactively discover & prioritize vulnerabilities of access management systems. At the same time, it enables autonomous, intelligent decision-support recommenders to advise on proper actions. This approach can be query-enabled to maintain a high degree of transparency with the user and support any future audit inquiries.