Sensitive access and Segregation of Duties made easy
>Roles and profiles for SAP or Responsibilities and Functions for Oracle EBS are used on a granular level to provide people with authorization to perform business functions. Some of these are sensitive in nature such as the preparation of a payment run, changing employee master data records or performing manual journal entries. Others are less sensitive, but only if not used in combination with other business functions. Having access to change vendor bank account details and at the same time having access to post invoices (accounts payable) constitutes what is typically referred to as a Segregation of Duties Conflict. A person could change the bank account number of a vendor to his/her own bank account number and post a payable invoice to the vendor.... in essence a fraudulent action.
In traditional Internal Control literature, Segregation of Duties is a primary control measure to prevent fraud (and errors). Nowadays a lot of the Segregation of Duties is enforced by Application Controls and thus it is very important to have a periodic (e.g. Quarterly) review on the current setup of your ERP system to prevent conflicting functions from being possible therefor effectively preventing fraud or misuse.
Part of the BWise Continuous Monitoring Suite is the Segregation of Duties Monitor which is fully integrated in the BWise GRC suite. It helps you manage your system authorization by providing direct insight in the number of conflicts, sensitive access assigned to users and trending on the remediation of incorrect authorization assignments for both SAP and Oracle EBS. The system is prepackaged with best practices definitions for sensitive access for both SAP and Oracle and is very easy to use. No interfaces are required to any of the ERP systems and the system offers advanced reporting capabilities.
Some of the primary characteristics:
- Compatible with Oracle EBS 11 and up or SAP 4.6c and up;
- Includes advanced set of Best Practice analysis on SOD and Sensitive Access for SAP and Oracle;
- Template reporting;
- Direct drill down capabilities in dashboards;
- Detailed insight in reason for SOD Conflict (Roles/Profiles/Responsibilities/Functions etc.);
- Fully integrated with BWise GRC Suite;
- No client software required and analysis can be performed remotely.
Please contact us for more information.