Segregation of Duties in a nutshell
In every company there is an organizational structure in which the roles (we call them business roles) of every type of employee are described in some way. Examples of such roles are account manager, marketing specialist, administrator, cleaner, etc. Most companies also have documents that associate every business role with certain actions, for example create payment order, approve payment order, create vendor, delete user. Each action is in turn associated with a particular transaction in the SAP system (or sometimes with a transaction plus authorization values).
If a company has this information (it usually hires one of the Big 4 firms to create the organizational structure and role model, naming conventions, and so on), it creates technical roles in the SAP system and maps business roles and actions to technical roles and transactions. It then assigns the technical roles to user accounts in SAP so that every user has one technical role. That sounds good, but in real life there are many issues with this approach, and the main one is keeping it secure after each change.
Why do you need continuous Segregation of Duties analysis
Even if a company has a clear organizational structure and all transactions are properly assigned to users, you need to be sure that everybody will keep following those rules later. This is where SOD tools come into action: they check whether users can execute critical transactions, in order to prevent financial or information fraud.
So, before a company can benefit from any SOD tool, it must create some kind of organizational structure and then configure a template. Once that is ready, the tool can identify users who have critical transactions they do not need (configured in one template), or users who have a combination of two or more critical transactions that they do not need.
What can ERPScan’s SOD Module offer to you
- Identify users with critical privileges. 2000 default templates for different industries.
- Identify users with SOD conflicts. 600 default SOD conflicts.
- Detect multi-dimensional SOD conflicts. Identify SOD conflicts involving more than 2 functions, such as Create PO + Approve PO + Create Vendor.
- Create custom SOD rules. Create custom rules using a wizard or CSV import.
- Pre-configured SOX Compliance Check.
How can ERPScan help with detecting SOD conflicts
There are a lot of SOD tools on the market, as you surely know, so what can we offer here? The most important advantage of ERPScan is the combination of SOD, Vulnerability Management, Threat Detection and Customization protection (code scanning) in one platform, with correlated results; but the SOD module itself has some great benefits over other tools. First of all, we do it with preconfigured files for almost any industry, module or system, and without any configuration on the SAP side. Is that really possible? Here is the answer.
- First type (Critical Access). Simply select one of our templates with a list of critical transactions in a particular area (HR, Financial, Administration) and the tool will tell you which users can run those critical transactions.
- Second type (Quick SOD). Quick SOD analysis is provided by a template called Top 20 SOX SOD Conflicts, which you can run out of the box; it shows the users who can execute the 20 most dangerous transaction combinations.
- Third type (Custom SOD). Here you select 2 templates: the first describes business roles, actions and transactions, and the second describes which business roles should not be assigned to one user and what the risk is. We have a pre-configured template (best practices from SAP and Big 4 companies) which consists of 60 business roles and 600+ actions.
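To make the three analysis types concrete, here is an added Python example (written for this page, not ERPScan's own code) that evaluates a critical-access template and a conflict template, including an N-dimensional rule, against user-to-role-to-transaction assignments. All users, role names, transaction codes and rules are constructed sample data; the transaction codes are only illustrative SAP-style identifiers.

```python
from itertools import chain

# Constructed sample data (not from a real system): user -> technical roles,
# technical role -> SAP transaction codes it grants.
USER_ROLES = {
    "alice": ["Z_PURCHASER"],
    "bob": ["Z_PURCHASER", "Z_PO_APPROVER", "Z_VENDOR_MASTER"],
    "carol": ["Z_BASIS_ADMIN"],
}
ROLE_TCODES = {
    "Z_PURCHASER": {"ME21N"},       # create purchase order
    "Z_PO_APPROVER": {"ME29N"},     # release (approve) purchase order
    "Z_VENDOR_MASTER": {"XK01"},    # create vendor master record
    "Z_BASIS_ADMIN": {"SU01"},      # user maintenance
}
# First template: business actions and the transactions that implement them.
ACTIONS = {
    "Create PO": {"ME21N"},
    "Approve PO": {"ME29N"},
    "Create Vendor": {"XK01"},
    "Maintain Users": {"SU01"},
}
# Critical-access template: actions that require a justified business need.
CRITICAL_ACTIONS = {"Maintain Users"}
# Second template: action combinations that must not meet in one user, with
# the risk rating; a rule may list more than two actions (N-dimensional).
SOD_RULES = [
    (("Create PO", "Approve PO"), "high"),
    (("Create PO", "Approve PO", "Create Vendor"), "critical"),
]

def user_actions(user):
    """Actions reachable through any transaction of any of the user's roles."""
    tcodes = set(chain.from_iterable(ROLE_TCODES[r] for r in USER_ROLES[user]))
    return {action for action, impl in ACTIONS.items() if impl & tcodes}

def critical_access():
    """Users holding at least one action from the critical-access template."""
    return sorted(u for u in USER_ROLES if user_actions(u) & CRITICAL_ACTIONS)

def sod_conflicts():
    """(user, actions, risk) for each rule whose whole action set a user holds."""
    findings = []
    for user in USER_ROLES:
        held = user_actions(user)
        for actions, risk in SOD_RULES:
            if set(actions) <= held:
                findings.append((user, actions, risk))
    return findings
```

Running the checks reports carol for critical access and bob for both conflict rules, while alice, who can only create purchase orders, is clean.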
The benefits of ERPScan’s Segregation of Duties module
- Pre-configured dashboards
- Support for many industries and systems
- Non-intrusive analysis
- N-dimensional conflicts detection
- Cross-system conflicts detection
Interested? Request demo now
Contact us today.