  • Published: 31 August 2012
Segregation of Duties – SoD

Applies to:
Segregation of Duties GRC SAP Access Control Suite.

Summary
Under growing pressure from regulatory standards issued by different governments, such as SOX, a US accounting law, it is clear that access controls must be properly defined and implemented. SoD, or Segregation of Duties, says that an individual should not have access rights to a function/process end-to-end. An organization that is spread across various systems and geographies needs a well-defined strategy for doing Segregation of Duties effectively.

Author: Nuzhat Khan
Company: HCL Technologies
Created on: 19 Oct 2007

Author Bio
Nuzhat Khan is an Associate Consultant working with HCL Technologies.

SAP DEVELOPER NETWORK |sdn.sap.com © 2007 SAP AG

BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com 1


Table of Contents
Segregation of Duties
Segregation of Duties and Role Matrix
SoD and SOX Compliance
SoD Implementation
Related Content
Disclaimer and Liability Notice


Segregation of Duties
Under growing pressure from various regulatory standards and measures issued by different governments, it is clear that access controls should be properly defined and effectively implemented. Access control ensures that there is proper segregation of duties. SoD, or Segregation of Duties, is an important factor when dealing with different responsibilities and job profiles across an enterprise. An enterprise has various functions, and each function is performed jointly by a set of roles/responsibilities. SoD says that these roles/responsibilities should be assigned in such a way that no individual in the enterprise has end-to-end access rights over any function. The roles and responsibilities for a function should be divided so that no one person has full rights over it, which reduces the risk of malicious activity or manipulation of the function. The more critical the function, the greater and clearer the segregation of duties should be.

Segregation of Duties deals with access controls. Access control ensures that one individual does not have access to two or more incompatible duties. Some examples of incompatible duties are:

• Creating a vendor and initiating payment to that vendor.
• Creating invoices and modifying them.
• Processing inventory and posting payment.
• Receiving checks and writing pay-offs.
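
The incompatible-duty pairs listed above can be checked mechanically against role assignments, including the case where the conflict only appears once a user's roles are combined. The following is an added example, not part of the original document or of SAP GRC Access Control; the duty labels, role names and user assignments are constructed for illustration.

```python
from itertools import combinations

# Incompatible duty pairs from the list above; duty labels are invented here.
INCOMPATIBLE = {
    frozenset({"create_vendor", "initiate_payment"}),
    frozenset({"create_invoice", "modify_invoice"}),
    frozenset({"process_inventory", "post_payment"}),
    frozenset({"receive_checks", "write_payoffs"}),
}

# Constructed role-to-duty map (hypothetical role names).
ROLE_DUTIES = {
    "VENDOR_MASTER": {"create_vendor"},
    "AP_PAYMENTS": {"initiate_payment", "post_payment"},
    "AP_INVOICING": {"create_invoice"},
    "AP_INVOICE_ADMIN": {"create_invoice", "modify_invoice"},
    "WAREHOUSE": {"process_inventory"},
    "CASHIER": {"receive_checks"},
}

# Constructed user-to-role assignments.
USER_ROLES = {
    "alice": ["VENDOR_MASTER", "AP_PAYMENTS"],   # conflict spread over two roles
    "bob": ["AP_INVOICE_ADMIN"],                 # conflict inside a single role
    "carol": ["AP_INVOICING", "CASHIER"],        # no conflict
    "dave": ["WAREHOUSE", "AP_PAYMENTS", "VENDOR_MASTER"],  # two conflicts
}

def sod_violations(user_roles, role_duties, incompatible):
    """Map each violating user to [(duty_a, duty_b, roles_a, roles_b), ...]."""
    report = {}
    for user, roles in user_roles.items():
        granted = {}  # duty -> set of roles that grant it
        for role in roles:
            if role not in role_duties:
                # An unmapped role is unreviewed access: fail closed.
                raise ValueError(f"{user}: role {role!r} has no duty mapping")
            for duty in role_duties[role]:
                granted.setdefault(duty, set()).add(role)
        hits = [(a, b, sorted(granted[a]), sorted(granted[b]))
                for a, b in combinations(sorted(granted), 2)
                if frozenset({a, b}) in incompatible]
        if hits:
            report[user] = hits
    return report

if __name__ == "__main__":
    for user, hits in sod_violations(USER_ROLES, ROLE_DUTIES, INCOMPATIBLE).items():
        for a, b, roles_a, roles_b in hits:
            print(f"{user}: {a} ({roles_a}) conflicts with {b} ({roles_b})")
```

Reporting the roles that grant each side of a conflict shows whether the fix is to remove a role from the user or to split a role that is itself conflicting.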

Ideally, a single individual must not have the authority to create, modify, review and delete any transaction/task/resource. If an individual has access rights to both creation and modification, he can create a transaction and, after getting it reviewed, modify it for fraudulent purposes. Similarly, if an individual has creation and deletion rights, he can create a transaction, initiate payment and later delete any transaction logs that could track his activity. Segregation of Duties ensures that:

• There are no errors, as SoD ensures cross-checking of roles/responsibilities.
• Risk of...