Segregation of Duties
Stay a step ahead of auditors and fraudsters
Auditors recommend Segregation of Duties (SoD) as an effective means of preventing internal fraud. They look for evidence that controls are in place – even for companies who are not subject to Sarbanes-Oxley or similar regulations.
But with no native functionality in their ERP systems to help, many companies struggle to implement effective SoD controls.
Complex spreadsheets and SQL reporting are time-consuming and inaccurate
Typically, companies use combinations of spreadsheets and SQL to satisfy their auditors, but this places extra demand on busy technical staff.
It also gives inaccurate results, due to the difficulties of analyzing all possible access paths – so it often fails to identify users with access rights that violate your SoD policy.
There’s no way to proactively enforce your Segregation of Duties policy
With no automated means of checking for potential SoD conflicts as access is granted, it’s impossible to ensure that you’re not inadvertently introducing new risks.
So over time the effort needed to find and fix all the loopholes grows bigger and bigger.
To manage Segregation of Duties efficiently you need:
- A convenient means of defining your SoD rules
- Detailed analysis of your live security which compares users access rights against the rules to identify SoD violations and enable you to investigate them
- Preventive SoD warnings to help you keep your system clean whenever access is updated
- All integrated within your ERP system to make it accurate, secure and auditable.
We have specialized tools and services which make SoD management and reporting much easier.