SlideShare une entreprise Scribd logo

Segregation of Duties Solutions

Ahmed Abdul Hamed
Ahmed Abdul Hamed
TechnologieBusiness
1  sur  25
Télécharger pour lire hors ligne
Segregation of Duties Solutions Point of View January 10, 2007
Copyright © 2006 Deloitte Development LLC. All rights reserved. 1 Contents Example SOD Tool Process and Sample Documents Example Approach to an SOD Program Business Considerations
Copyright © 2006 Deloitte Development LLC. All rights reserved. 2 Business Considerations
Copyright © 2006 Deloitte Development LLC. All rights reserved. 3 Segregation of Duties • Represents a key internal control that ensures no single person has too much influence over any business transaction or operation • Serves to prevent unintentional errors or fraud and ensure timely detection of errors that may occur • Provides a method of improving organizational, business process and IT control alignment • Represents a key internal control that ensures no single person has too much influence over any business transaction or operation • Serves to prevent unintentional errors or fraud and ensure timely detection of errors that may occur • Provides a method of improving organizational, business process and IT control alignment Segregation of Duties is the separation of incompatible duties that could allow one person to commit and conceal fraud that may result in financial loss or misstatement to the company. Segregation of duties may be within an application or within the infrastructure. Segregation of duties has always been an important component of a properly functioning internal control environment
Copyright © 2006 Deloitte Development LLC. All rights reserved. 4 Common Challenges and Pitfalls of IT Controls • Limited mechanisms to consistently enforce policies at an enterprise level • Lack of strong executive-level support and insufficient alignment between IT and the business • Lack of user education & awareness regarding SOD • Management’s preference to rely on mitigating controls in place of implementing proper SOD • Inadequate policies and procedures for effectively changing or removing access when users change jobs or leave the company • Limited automated reporting capabilities for IT controls • No monitoring tools/capability to periodically review “access rights” Control deficiencies, typically, stemmed from changes or actions taken outside of the formal process Typically, leads to access creep, fraud risk, and failed user management processes
Copyright © 2006 Deloitte Development LLC. All rights reserved. 5 Why the Increased Interest • Regulatory Compliance - Sarbanes-Oxley and other regulatory issues are forcing companies to increase their awareness and accountability of their employees actions within the company • Security and Data Management – Recent privacy laws and prosecution of security violations is bringing a new awareness to monitoring and controlling security and access to data within the organization • Access Management – Provisioning and management of users access to applications have not been enforced, resulting in access creep • Rapid Implementation of ERPs – Application Security was often overlooked or implemented incompletely (Segregation of Duties was not addressed) Drivers causing companies to consider use of Segregation of Duties (SOD) in the management of their business
Copyright © 2006 Deloitte Development LLC. All rights reserved. 6 Organizational LevelOrganizational Level Regulatory Compliance Not only should business functions be separated departmentally, and at an even more granular level within departments, companies now finding that they need to provide system enforcement of traditional segregation of duties models External auditors are insisting on evidence that proper segregation of duties exists Sarbanes-Oxley is now providing a compelling case for the implementation and maintenance of appropriate segregation of duties at the organizational, manual process and system level. Business Function System Level - Applications - Infrastructure System Level - Applications - Infrastructure Department Level Manual ProcessManual Process
Copyright © 2006 Deloitte Development LLC. All rights reserved. 7 Security and Data Management Recent privacy laws and prosecution of security violations is bringing a new awareness to monitoring and controlling security and access to data within the organization • Lack of application specific Segregation of Duties are resulting in Access Creep, Fraud Risk, Failed User Management Processes • Disclosure of sensitive information can have a negative impact on shareholder value • Increased use of web services (online auctions and banking) has brought increased risk of identity theft and fraud • Privacy laws and disclosure of violations is increasing the need for proactive segregation and control over access to data
Copyright © 2006 Deloitte Development LLC. All rights reserved. 8 Access Management Implementation of identity management and ERP tools provides an avenue to leverage technologies to enforce and regulate enterprise level segregation of duties • Established authoritative sources of information through ERP systems (HRMS) • Leverage user lifecycle through role based access control and system integration • Automated provisioning to lower operational costs • Greater visibility by management to monitor user activity • Centralization of user ID management for multiple applications through the single sign-on concept
Copyright © 2006 Deloitte Development LLC. All rights reserved. 9 Example Approach to an SOD Program
Copyright © 2006 Deloitte Development LLC. All rights reserved. 10 Segregation of Duties Components Segregation of Duties Components Establish Enforcement Establish Enforcement Organizational & Process Alignment Organizational & Process Alignment Rules & Policies Rules & Policies Monitoring & Governance Monitoring & Governance Mitigating Controls Mitigating Controls Companies Need a Process for Establishing and Managing Segregation of Duties Business Objectives SOD Solution Establishing a process for defining SOD rules and policies, aligning organization and process, establishing enforcement, mitigating controls and monitoring are essential components of an SOD solution that helps meet business objectives •Comply with the regulatory requirements, example Sarbanes- Oxley legislation •Improve company-wide internal control structure •Mitigate the risk of intentional fraud or unintentional error to the organization •Align functions organizationally with common best practices •Gain a level of comfort that the financial statements are free from misstatement •Improve financial data, thereby improving management reporting •Satisfy increasing customer and investor demands for sound internal controls
Copyright © 2006 Deloitte Development LLC. All rights reserved. 11 Rules & Policies Confirm SOD requirements (including regulatory compliance requirements) Develop segregation of duties rules Eliminate false positives from rule set Define manual segregation of duties components Confirm SOD requirements (including regulatory compliance requirements) Develop segregation of duties rules Eliminate false positives from rule set Define manual segregation of duties components Program To Establish and Manage SOD Organizational & Process Alignment Establish Enforcement Mitigating Controls Monitoring & Governance Perform risk assessments to identify requirements and strategies Identify key stakeholders and establish a communication plan Understand and adapt standards (including policies and procedures) Build and maintain support within initiative and within organization Align processes to effect the proper balance between control value and operational efficiency (cost vs. benefit analysis) Identify appropriate segregation points within relevant processes Obtain buy-in to SOD solution from process owners Perform risk assessments to identify requirements and strategies Identify key stakeholders and establish a communication plan Understand and adapt standards (including policies and procedures) Build and maintain support within initiative and within organization Align processes to effect the proper balance between control value and operational efficiency (cost vs. benefit analysis) Identify appropriate segregation points within relevant processes Obtain buy-in to SOD solution from process owners Assist in selecting the appropriate technology solution Pilot the implementation to validate the solution Implement the solution; deliver in phases (highest value first) Test performance and functionality Assist in selecting the appropriate technology solution Pilot the implementation to validate the solution Implement the solution; deliver in phases (highest value first) Test performance and functionality Develop controls to address functions which cannot be adequately segregated Develop controls to address functions which cannot be adequately segregated Adhere to the business policies and procedures after initial deployment Perform periodic assessment to validate adherence to policies and rules Adapt solution as the business changes (e.g., M&A, reorganizations Adhere to the business policies and procedures after initial deployment Perform periodic assessment to validate adherence to policies and rules Adapt solution as the business changes (e.g., M&A, reorganizations
Copyright © 2006 Deloitte Development LLC. All rights reserved. 12 Technology can help companies manage the enforcement and monitoring of segregation of duties rules and policies • In response to the current regulatory environment, commercial software solutions are available to provide an automated platform to support SOX compliance by providing functionality such as defining and monitoring Segregation of Duties (SOD), monitoring critical transactions, fine tuning authorizations, and reporting • Key features of Segregation of Duties products include: – Ability for SOD analysis as new accounts are added/updated – Support for both preventative and detective controls – Support for multi-application analysis – Links to security policies; drill down capabilities – Rule building and customization support – Ad-hoc reporting capabilities – Support for the capture of mitigating controls – Linkage to role access request process/ e-Provisioning – Support for broader controls monitoring programs
Copyright © 2006 Deloitte Development LLC. All rights reserved. 13 ReportsReports Sample IdM Segregation of Duties Architecture ManagerManager Enterprise/Cross Application SOD Check (User Level) Enterprise/Cross Application SOD Check (User Level) Access Coordinator Access Coordinator Approval AuditingApproval Auditing Enterprise User Level SOD Enterprise User Level SOD SiebelSiebel People- Soft People- Soft LegacyLegacy SAPSAP SOD ToolsSOD Tools User Level SOD User Level SOD Role Level SOD Role Level SOD Other People Soft User Provisioning Software Desktop PeopleSoft Siebel Island Pacific Windows SAP Automated User Provisioning w/ SOD CheckAutomated User Provisioning w/ SOD Check User requests access to all applications through a portal. Access is granted if SOD check is successful.
Copyright © 2006 Deloitte Development LLC. All rights reserved. 14 SOD Assessment Process • Upload Segregation of Duties Rules to SOD Tool • Extract data from Application for User and Roles (Functions or Objects) • Execute SOD Tool • Perform SOD Conflict Analysis Determine SOD Rules •Identify Key Responsibilities within each Business Process Area •Establish Segregation of Duties Rules for each Business Process •Create SOD Conflict Matrix (Rules) • Remediation Plan • Resolve SOD issues or Identify Compensating Controls • Re-perform Application SOD testing Step I Gather Data, Execute SOD Tool, Analyze SOD Output Remediate, Retest, Roll-Forward Step II Step III
Copyright © 2006 Deloitte Development LLC. All rights reserved. 15 Determine SOD Rules Client Process Owners to indicate: SOD rules that are currently enforced Conflicts that may be important but not currently enforced Conflicts that are not relevant Conflicts that are low risk based on company’s Business Model Unique Application Customizations for which conflicts need to be identified Known conflicts that exist for business reason Application Support Team to provide information: Super User and System Administrator’s Access in Applications Risk Mitigation methods (of Super User & System Administrator access) employed Step I Continued..
Copyright © 2006 Deloitte Development LLC. All rights reserved. 16 Determine SOD Rules Deloitte Review SOD information gathered with BPOs: Edit SOD rules to reflect suggested additions and deletions Confirm that rules include proper cross-business cycle rules Finalize SOD rules with Business Process Owners (BPOs) Obtain consensus and Sign-off on SOD design from BPOs Discuss SOD Rules with External Auditors Finalize SOD Design with BPOs Step I, Cont. Continued..
Copyright © 2006 Deloitte Development LLC. All rights reserved. 17 Market Opportunity Client Remediate current conflicts identified in Step I Identify compensating controls where appropriate Deloitte Upload Segregation of Duties Rules to SOD Tool Extract data from Application for Roles and Users Upload the extracted data into the SOD Tool Execute SOD Tool Validate data extracted from Applications Note: For a cross-application analysis, a user identity mapping exercise must also be conducted. Step II Gather Data, Execute SOD Analysis
Copyright © 2006 Deloitte Development LLC. All rights reserved. 18 Market Opportunity Deloitte Document SOD Conflict Results Conflicts within Roles – Role Design Conflicts by Users - Users with access to Roles within an Application * Cross Application Conflicts - Users with access to multiple Roles across Applications * In some cases, users may have direct access to conflict (without going through a role). Step II, Cont. Gather Data, Execute SOD Analysis
Copyright © 2006 Deloitte Development LLC. All rights reserved. 19 Remediate, Retest, Roll Forward Improve the security model. (e.g. Role design improvement, implement access management tools, etc) Enforce Approvals within key process flows and updates Update User Access Policies and Procedures to include SOD conflict checks Document mitigating controls Secure shared master data (e.g. Customers, Suppliers, Items, etc) Remove User Access to multiple conflicting Roles Market Opportunity Remediation Plan & Resolution of Issues Re-perform Application SOD testing Step III Roll Forward Application SOD testing
Copyright © 2006 Deloitte Development LLC. All rights reserved. 20 Example
Copyright © 2006 Deloitte Development LLC. All rights reserved. 21 Conflict Rule Set • Conflict 1 - Create PO vs. Approve PO • Conflict 2 - Auto-replenishment vs. Approve PO • Conflict 3 - Setup Vendor vs. Approve Vendor • Conflict 4 - Conflict between Create PO, Approve PO, Create Vendor and Approve Vendor
Copyright © 2006 Deloitte Development LLC. All rights reserved. 22 Conflict Report
Copyright © 2006 Deloitte Development LLC. All rights reserved. 23 Software Tool Comparison User Pro- visioning Single- Sign-On S-4, S-8, S-12, S-16: Access privileges are timely disabled or modified in response to terms and transfers. S-2: Formal policies govern user access administration, config and monitoring. S-6, S10, S14: Review of unauthorized access attempts is performed. S-5, S-9, S-13, S17: Periodic review of user access privileges is performed. S-3, S-7, S-11, S-15: Additions / modifications to security privileges are properly authorized. S-1: Proper segregation of duties exists among the IT functions (e.g. application development and DBA). SOD ToolsExample Control Objectives (Summarized) IdM technique could be deployed to address some of the objective IdM technique could be deployed to address most of the objective
Copyright © 2006 Deloitte Development LLC. All rights reserved. 24 About Deloitte Deloitte, one of the nation's leading professional services firms, provides audit, tax, consulting, and financial advisory services through nearly 30,000 people in more than 80 U.S. cities. Known as an employer of choice for innovative human resources programs, the firm is dedicated to helping its clients and its people excel. "Deloitte" refers to the associated partnerships of Deloitte & Touche USA LLP (Deloitte & Touche LLP and Deloitte Consulting LLP) and subsidiaries. Deloitte is the U.S. member firm of Deloitte Touche Tohmatsu. For more information, please visit Deloitte's Web site at www.deloitte.com/us. Deloitte Touche Tohmatsu is an organization of member firms devoted to excellence in providing professional services and advice. We are focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, our member firms, including their affiliates, deliver services in four professional areas: audit, tax, consulting, and financial advisory services. Our member firms serve more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Deloitte Touche Tohmatsu is a Swiss Verein (association), and, as such, neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” "Deloitte & Touche," "Deloitte Touche Tohmatsu," or other, related names. The services described herein are provided by the member firms and not by the Deloitte Touche Tohmatsu Verein. For regulatory and other reasons, certain member firms do not provide services in all four professional areas listed above.

Recommandé

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
SAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceSAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceTLI GrowthSession
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSmart ERP Solutions, Inc.
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...TransWare AG
 
SAP Identity Management Overview
SAP Identity Management OverviewSAP Identity Management Overview
SAP Identity Management OverviewSAP Technology
 
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...Fiori and S/4 authorizations: What are the biggest challenges, and where do t...
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...akquinet enterprise solutions GmbH
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelSarah Moore
 

Recommandé

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
SAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceSAP Governance,Risk and Compliance
SAP Governance,Risk and ComplianceTLI GrowthSession
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSmart ERP Solutions, Inc.
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...TransWare AG
 
SAP Identity Management Overview
SAP Identity Management OverviewSAP Identity Management Overview
SAP Identity Management OverviewSAP Technology
 
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...Fiori and S/4 authorizations: What are the biggest challenges, and where do t...
Fiori and S/4 authorizations: What are the biggest challenges, and where do t...akquinet enterprise solutions GmbH
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelSarah Moore
 
Seg dutieschecklist
Seg dutieschecklistSeg dutieschecklist
Seg dutieschecklistPakistan State Oil Company Limited
 
Oracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & glOracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & glmagnifics
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals3Sixty Insights
 
An Overview of SAP S4/HANA
An Overview of SAP S4/HANAAn Overview of SAP S4/HANA
An Overview of SAP S4/HANADebajit Banerjee
 
Oracle Implementation Project Template
Oracle Implementation Project TemplateOracle Implementation Project Template
Oracle Implementation Project Templateacribe
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Introduction to SAP ERP
Introduction to SAP ERPIntroduction to SAP ERP
Introduction to SAP ERPhasan2000
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 trainingsuresh
 
Migration to sap s4 hana
Migration to sap s4 hanaMigration to sap s4 hana
Migration to sap s4 hanaМарина Ковалёва
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Oracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 WeeksOracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 WeeksPerficient, Inc.
 
Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company SAP Ariba
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
SAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationSAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationKellton Tech Solutions Ltd
 
SAP grc
SAP grc SAP grc
SAP grc smadhu29
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Oracle eBS Overview.pptx
Oracle eBS Overview.pptxOracle eBS Overview.pptx
Oracle eBS Overview.pptxssuser9dce1e1
 
SAP GRC
SAP GRC SAP GRC
SAP GRC Kellton Tech Solutions Ltd
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and YouSchellman & Company
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsDan Aldridge, ERP Software Evangelist, LION
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Smart ERP Solutions, Inc.
 

Contenu connexe

Tendances

Oracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & glOracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & glmagnifics
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
An Overview of SAP S4/HANA
An Overview of SAP S4/HANAAn Overview of SAP S4/HANA
An Overview of SAP S4/HANADebajit Banerjee
 
Oracle Implementation Project Template
Oracle Implementation Project TemplateOracle Implementation Project Template
Oracle Implementation Project Templateacribe
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Introduction to SAP ERP
Introduction to SAP ERPIntroduction to SAP ERP
Introduction to SAP ERPhasan2000
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 trainingsuresh
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Oracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 WeeksOracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 WeeksPerficient, Inc.
 
Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company SAP Ariba
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online traininggrconlinetraining
 
SAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationSAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationKellton Tech Solutions Ltd
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Oracle eBS Overview.pptx
Oracle eBS Overview.pptxOracle eBS Overview.pptx
Oracle eBS Overview.pptxssuser9dce1e1
 

Tendances (20)

Seg dutieschecklist
Seg dutieschecklistSeg dutieschecklist
Seg dutieschecklist
 
Oracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & glOracle financials functional training on ap, ar & gl
Oracle financials functional training on ap, ar & gl
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
 
An Overview of SAP S4/HANA
An Overview of SAP S4/HANAAn Overview of SAP S4/HANA
An Overview of SAP S4/HANA
 
Oracle Implementation Project Template
Oracle Implementation Project TemplateOracle Implementation Project Template
Oracle Implementation Project Template
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Introduction to SAP ERP
Introduction to SAP ERPIntroduction to SAP ERP
Introduction to SAP ERP
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 training
 
Migration to sap s4 hana
Migration to sap s4 hanaMigration to sap s4 hana
Migration to sap s4 hana
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Oracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 WeeksOracle Project Financial Management Cloud in 9 Weeks
Oracle Project Financial Management Cloud in 9 Weeks
 
Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company Preparing for Deployment of SAP Ariba Solutions at Your Company
Preparing for Deployment of SAP Ariba Solutions at Your Company
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online training
 
SAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationSAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA Implementation
 
SAP grc
SAP grc SAP grc
SAP grc
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Oracle eBS Overview.pptx
Oracle eBS Overview.pptxOracle eBS Overview.pptx
Oracle eBS Overview.pptx
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 

En vedette

Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Smart ERP Solutions, Inc.
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsSmart ERP Solutions, Inc.
 
SAP GRC 10 Access Control
SAP GRC 10 Access ControlSAP GRC 10 Access Control
SAP GRC 10 Access ControlNasir Gondal
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySriram Narayanan
 
Project Risk register
Project Risk registerProject Risk register
Project Risk registerKashif Mastan
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshoplarrymcc
 
Best Practices for ERP Cloud Migrations: A CFO Guidebook
Best Practices for ERP Cloud Migrations: A CFO GuidebookBest Practices for ERP Cloud Migrations: A CFO Guidebook
Best Practices for ERP Cloud Migrations: A CFO GuidebookKim Pike
 
Bde sc3 2nd_workshop_2016_10_04_p03_efacec
Bde sc3 2nd_workshop_2016_10_04_p03_efacecBde sc3 2nd_workshop_2016_10_04_p03_efacec
Bde sc3 2nd_workshop_2016_10_04_p03_efacecBigData_Europe
 
Using Digital to get the most from B2B Exhibitions
Using Digital to get the most from B2B ExhibitionsUsing Digital to get the most from B2B Exhibitions
Using Digital to get the most from B2B ExhibitionsDEER digital
 
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock Andris Soroka
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsSmart ERP Solutions, Inc.
 
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİ
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİISO 27001 BGYS DOKÜMANTASYON EĞİTİMİ
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİFerhat CAMGÖZ
 
Data in Motion - Data at Rest - Hortonworks a Modern Architecture
Data in Motion - Data at Rest - Hortonworks a Modern ArchitectureData in Motion - Data at Rest - Hortonworks a Modern Architecture
Data in Motion - Data at Rest - Hortonworks a Modern ArchitectureMats Johansson
 
WINs Process Mapping - Risk Assessment Session
WINs Process Mapping - Risk Assessment SessionWINs Process Mapping - Risk Assessment Session
WINs Process Mapping - Risk Assessment Sessionjohncarrollcanyon
 
2015 내부정보유출방지 대책 및 방안
2015 내부정보유출방지 대책 및 방안2015 내부정보유출방지 대책 및 방안
2015 내부정보유출방지 대책 및 방안시온시큐리티
 

En vedette (20)

Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23Effective Segregation of Duties for PeopleSoft 2011-02-23
Effective Segregation of Duties for PeopleSoft 2011-02-23
 
Automating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and FinancialsAutomating PeopleSoft Segregation of Duties: HCM and Financials
Automating PeopleSoft Segregation of Duties: HCM and Financials
 
SAP GRC 10 Access Control
SAP GRC 10 Access ControlSAP GRC 10 Access Control
SAP GRC 10 Access Control
 
Casa engl
Casa englCasa engl
Casa engl
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
 
Risk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and ImplementationRisk Technology Strategy, Selection and Implementation
Risk Technology Strategy, Selection and Implementation
 
Project Risk register
Project Risk registerProject Risk register
Project Risk register
 
Sap Security Workshop
Sap Security WorkshopSap Security Workshop
Sap Security Workshop
 
Best Practices for ERP Cloud Migrations: A CFO Guidebook
Best Practices for ERP Cloud Migrations: A CFO GuidebookBest Practices for ERP Cloud Migrations: A CFO Guidebook
Best Practices for ERP Cloud Migrations: A CFO Guidebook
 
Bde sc3 2nd_workshop_2016_10_04_p03_efacec
Bde sc3 2nd_workshop_2016_10_04_p03_efacecBde sc3 2nd_workshop_2016_10_04_p03_efacec
Bde sc3 2nd_workshop_2016_10_04_p03_efacec
 
7 Excel Control Template
7 Excel Control Template7 Excel Control Template
7 Excel Control Template
 
Using Digital to get the most from B2B Exhibitions
Using Digital to get the most from B2B ExhibitionsUsing Digital to get the most from B2B Exhibitions
Using Digital to get the most from B2B Exhibitions
 
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock
WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock
 
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus SolutionsAutomating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
Automating PeopleSoft Segregation of Duties: Financials/HCM/Campus Solutions
 
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİ
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİISO 27001 BGYS DOKÜMANTASYON EĞİTİMİ
ISO 27001 BGYS DOKÜMANTASYON EĞİTİMİ
 
Predictive analytics
Predictive analytics Predictive analytics
Predictive analytics
 
Data in Motion - Data at Rest - Hortonworks a Modern Architecture
Data in Motion - Data at Rest - Hortonworks a Modern ArchitectureData in Motion - Data at Rest - Hortonworks a Modern Architecture
Data in Motion - Data at Rest - Hortonworks a Modern Architecture
 
WINs Process Mapping - Risk Assessment Session
WINs Process Mapping - Risk Assessment SessionWINs Process Mapping - Risk Assessment Session
WINs Process Mapping - Risk Assessment Session
 
2015 내부정보유출방지 대책 및 방안
2015 내부정보유출방지 대책 및 방안2015 내부정보유출방지 대책 및 방안
2015 내부정보유출방지 대책 및 방안
 

Similaire à Segregation of Duties Solutions

Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfSALES97
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsOracle
 
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chaukeMayk Campelo
 
Jeffery Leu | Asset Management - Conserve Cash as well as Boost Productivity
Jeffery Leu | Asset Management - Conserve Cash as well as Boost ProductivityJeffery Leu | Asset Management - Conserve Cash as well as Boost Productivity
Jeffery Leu | Asset Management - Conserve Cash as well as Boost ProductivityJefferyLeu
 
Internal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramInternal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramAuxis Consulting & Outsourcing
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Startrrowntree
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist, LLC
 
04/21/2011 Meeting - Auditing with Data Analytics
04/21/2011 Meeting - Auditing with Data Analytics04/21/2011 Meeting - Auditing with Data Analytics
04/21/2011 Meeting - Auditing with Data Analyticsacfesj
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixNix Inc.,
 
Killing Bureacracy
Killing Bureacracy Killing Bureacracy
Killing Bureacracy LucieColt
 
Stop the madness - Never doubt the quality of BI again using Data Governance
Stop the madness - Never doubt the quality of BI again using Data GovernanceStop the madness - Never doubt the quality of BI again using Data Governance
Stop the madness - Never doubt the quality of BI again using Data GovernanceMary Levins, PMP
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]Barun Kumar
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachMohammad Reda Katby
 

Similaire à Segregation of Duties Solutions (20)

Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdf
 
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & ImplementationsThousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
Thousands of Hours Saved and Risk Reduced for EBS Upgrades & Implementations
 
Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
 
LRQA ISO Standards Update - Integration as Standard? October 2013
LRQA ISO Standards Update - Integration as Standard? October 2013LRQA ISO Standards Update - Integration as Standard? October 2013
LRQA ISO Standards Update - Integration as Standard? October 2013
 
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
 
Infographic: Data Governance Best Practices
Infographic: Data Governance Best Practices Infographic: Data Governance Best Practices
Infographic: Data Governance Best Practices
 
Case Studies
Case StudiesCase Studies
Case Studies
 
Jeffery Leu | Asset Management - Conserve Cash as well as Boost Productivity
Jeffery Leu | Asset Management - Conserve Cash as well as Boost ProductivityJeffery Leu | Asset Management - Conserve Cash as well as Boost Productivity
Jeffery Leu | Asset Management - Conserve Cash as well as Boost Productivity
 
Internal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA ProgramInternal Audit Considerations in Creating an RPA Program
Internal Audit Considerations in Creating an RPA Program
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Start
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
 
Dit yvol4iss27
Dit yvol4iss27Dit yvol4iss27
Dit yvol4iss27
 
04/21/2011 Meeting - Auditing with Data Analytics
04/21/2011 Meeting - Auditing with Data Analytics04/21/2011 Meeting - Auditing with Data Analytics
04/21/2011 Meeting - Auditing with Data Analytics
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
 
Killing Bureacracy
Killing Bureacracy Killing Bureacracy
Killing Bureacracy
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
Stop the madness - Never doubt the quality of BI again using Data Governance
Stop the madness - Never doubt the quality of BI again using Data GovernanceStop the madness - Never doubt the quality of BI again using Data Governance
Stop the madness - Never doubt the quality of BI again using Data Governance
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 

Dernier

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Segregation of Duties Solutions

  • 1. Segregation of Duties Solutions Point of View January 10, 2007
  • 2. Copyright © 2006 Deloitte Development LLC. All rights reserved. 1 Contents Example SOD Tool Process and Sample Documents Example Approach to an SOD Program Business Considerations
  • 3. Copyright © 2006 Deloitte Development LLC. All rights reserved. 2 Business Considerations
  • 4. Copyright © 2006 Deloitte Development LLC. All rights reserved. 3 Segregation of Duties • Represents a key internal control that ensures no single person has too much influence over any business transaction or operation • Serves to prevent unintentional errors or fraud and ensure timely detection of errors that may occur • Provides a method of improving organizational, business process and IT control alignment • Represents a key internal control that ensures no single person has too much influence over any business transaction or operation • Serves to prevent unintentional errors or fraud and ensure timely detection of errors that may occur • Provides a method of improving organizational, business process and IT control alignment Segregation of Duties is the separation of incompatible duties that could allow one person to commit and conceal fraud that may result in financial loss or misstatement to the company. Segregation of duties may be within an application or within the infrastructure. Segregation of duties has always been an important component of a properly functioning internal control environment
  • 5. Copyright © 2006 Deloitte Development LLC. All rights reserved. 4 Common Challenges and Pitfalls of IT Controls • Limited mechanisms to consistently enforce policies at an enterprise level • Lack of strong executive-level support and insufficient alignment between IT and the business • Lack of user education & awareness regarding SOD • Management’s preference to rely on mitigating controls in place of implementing proper SOD • Inadequate policies and procedures for effectively changing or removing access when users change jobs or leave the company • Limited automated reporting capabilities for IT controls • No monitoring tools/capability to periodically review “access rights” Control deficiencies, typically, stemmed from changes or actions taken outside of the formal process Typically, leads to access creep, fraud risk, and failed user management processes
  • 6. Copyright © 2006 Deloitte Development LLC. All rights reserved. 5 Why the Increased Interest • Regulatory Compliance - Sarbanes-Oxley and other regulatory issues are forcing companies to increase their awareness and accountability of their employees actions within the company • Security and Data Management – Recent privacy laws and prosecution of security violations is bringing a new awareness to monitoring and controlling security and access to data within the organization • Access Management – Provisioning and management of users access to applications have not been enforced, resulting in access creep • Rapid Implementation of ERPs – Application Security was often overlooked or implemented incompletely (Segregation of Duties was not addressed) Drivers causing companies to consider use of Segregation of Duties (SOD) in the management of their business
  • 7. Copyright © 2006 Deloitte Development LLC. All rights reserved. 6 Organizational LevelOrganizational Level Regulatory Compliance Not only should business functions be separated departmentally, and at an even more granular level within departments, companies now finding that they need to provide system enforcement of traditional segregation of duties models External auditors are insisting on evidence that proper segregation of duties exists Sarbanes-Oxley is now providing a compelling case for the implementation and maintenance of appropriate segregation of duties at the organizational, manual process and system level. Business Function System Level - Applications - Infrastructure System Level - Applications - Infrastructure Department Level Manual ProcessManual Process
  • 8. Copyright © 2006 Deloitte Development LLC. All rights reserved. 7 Security and Data Management Recent privacy laws and prosecution of security violations is bringing a new awareness to monitoring and controlling security and access to data within the organization • Lack of application specific Segregation of Duties are resulting in Access Creep, Fraud Risk, Failed User Management Processes • Disclosure of sensitive information can have a negative impact on shareholder value • Increased use of web services (online auctions and banking) has brought increased risk of identity theft and fraud • Privacy laws and disclosure of violations is increasing the need for proactive segregation and control over access to data
  • 9. Copyright © 2006 Deloitte Development LLC. All rights reserved. 8 Access Management Implementation of identity management and ERP tools provides an avenue to leverage technologies to enforce and regulate enterprise level segregation of duties • Established authoritative sources of information through ERP systems (HRMS) • Leverage user lifecycle through role based access control and system integration • Automated provisioning to lower operational costs • Greater visibility by management to monitor user activity • Centralization of user ID management for multiple applications through the single sign-on concept
  • 10. Copyright © 2006 Deloitte Development LLC. All rights reserved. 9 Example Approach to an SOD Program
  • 11. Copyright © 2006 Deloitte Development LLC. All rights reserved. 10 Segregation of Duties Components Segregation of Duties Components Establish Enforcement Establish Enforcement Organizational & Process Alignment Organizational & Process Alignment Rules & Policies Rules & Policies Monitoring & Governance Monitoring & Governance Mitigating Controls Mitigating Controls Companies Need a Process for Establishing and Managing Segregation of Duties Business Objectives SOD Solution Establishing a process for defining SOD rules and policies, aligning organization and process, establishing enforcement, mitigating controls and monitoring are essential components of an SOD solution that helps meet business objectives •Comply with the regulatory requirements, example Sarbanes- Oxley legislation •Improve company-wide internal control structure •Mitigate the risk of intentional fraud or unintentional error to the organization •Align functions organizationally with common best practices •Gain a level of comfort that the financial statements are free from misstatement •Improve financial data, thereby improving management reporting •Satisfy increasing customer and investor demands for sound internal controls
  • 12. Copyright © 2006 Deloitte Development LLC. All rights reserved. 11 Rules & Policies Confirm SOD requirements (including regulatory compliance requirements) Develop segregation of duties rules Eliminate false positives from rule set Define manual segregation of duties components Confirm SOD requirements (including regulatory compliance requirements) Develop segregation of duties rules Eliminate false positives from rule set Define manual segregation of duties components Program To Establish and Manage SOD Organizational & Process Alignment Establish Enforcement Mitigating Controls Monitoring & Governance Perform risk assessments to identify requirements and strategies Identify key stakeholders and establish a communication plan Understand and adapt standards (including policies and procedures) Build and maintain support within initiative and within organization Align processes to effect the proper balance between control value and operational efficiency (cost vs. benefit analysis) Identify appropriate segregation points within relevant processes Obtain buy-in to SOD solution from process owners Perform risk assessments to identify requirements and strategies Identify key stakeholders and establish a communication plan Understand and adapt standards (including policies and procedures) Build and maintain support within initiative and within organization Align processes to effect the proper balance between control value and operational efficiency (cost vs. benefit analysis) Identify appropriate segregation points within relevant processes Obtain buy-in to SOD solution from process owners Assist in selecting the appropriate technology solution Pilot the implementation to validate the solution Implement the solution; deliver in phases (highest value first) Test performance and functionality Assist in selecting the appropriate technology solution Pilot the implementation to validate the solution Implement the solution; deliver in phases (highest value first) Test performance and functionality Develop controls to address functions which cannot be adequately segregated Develop controls to address functions which cannot be adequately segregated Adhere to the business policies and procedures after initial deployment Perform periodic assessment to validate adherence to policies and rules Adapt solution as the business changes (e.g., M&A, reorganizations Adhere to the business policies and procedures after initial deployment Perform periodic assessment to validate adherence to policies and rules Adapt solution as the business changes (e.g., M&A, reorganizations
  • 13. Copyright © 2006 Deloitte Development LLC. All rights reserved. 12 Technology can help companies manage the enforcement and monitoring of segregation of duties rules and policies • In response to the current regulatory environment, commercial software solutions are available to provide an automated platform to support SOX compliance by providing functionality such as defining and monitoring Segregation of Duties (SOD), monitoring critical transactions, fine tuning authorizations, and reporting • Key features of Segregation of Duties products include: – Ability for SOD analysis as new accounts are added/updated – Support for both preventative and detective controls – Support for multi-application analysis – Links to security policies; drill down capabilities – Rule building and customization support – Ad-hoc reporting capabilities – Support for the capture of mitigating controls – Linkage to role access request process/ e-Provisioning – Support for broader controls monitoring programs
  • 14. Copyright © 2006 Deloitte Development LLC. All rights reserved. 13 ReportsReports Sample IdM Segregation of Duties Architecture ManagerManager Enterprise/Cross Application SOD Check (User Level) Enterprise/Cross Application SOD Check (User Level) Access Coordinator Access Coordinator Approval AuditingApproval Auditing Enterprise User Level SOD Enterprise User Level SOD SiebelSiebel People- Soft People- Soft LegacyLegacy SAPSAP SOD ToolsSOD Tools User Level SOD User Level SOD Role Level SOD Role Level SOD Other People Soft User Provisioning Software Desktop PeopleSoft Siebel Island Pacific Windows SAP Automated User Provisioning w/ SOD CheckAutomated User Provisioning w/ SOD Check User requests access to all applications through a portal. Access is granted if SOD check is successful.
  • 15. Copyright © 2006 Deloitte Development LLC. All rights reserved. 14 SOD Assessment Process • Upload Segregation of Duties Rules to SOD Tool • Extract data from Application for User and Roles (Functions or Objects) • Execute SOD Tool • Perform SOD Conflict Analysis Determine SOD Rules •Identify Key Responsibilities within each Business Process Area •Establish Segregation of Duties Rules for each Business Process •Create SOD Conflict Matrix (Rules) • Remediation Plan • Resolve SOD issues or Identify Compensating Controls • Re-perform Application SOD testing Step I Gather Data, Execute SOD Tool, Analyze SOD Output Remediate, Retest, Roll-Forward Step II Step III
  • 16. Copyright © 2006 Deloitte Development LLC. All rights reserved. 15 Determine SOD Rules Client Process Owners to indicate: SOD rules that are currently enforced Conflicts that may be important but not currently enforced Conflicts that are not relevant Conflicts that are low risk based on company’s Business Model Unique Application Customizations for which conflicts need to be identified Known conflicts that exist for business reason Application Support Team to provide information: Super User and System Administrator’s Access in Applications Risk Mitigation methods (of Super User & System Administrator access) employed Step I Continued..
  • 17. Copyright © 2006 Deloitte Development LLC. All rights reserved. 16 Determine SOD Rules Deloitte Review SOD information gathered with BPOs: Edit SOD rules to reflect suggested additions and deletions Confirm that rules include proper cross-business cycle rules Finalize SOD rules with Business Process Owners (BPOs) Obtain consensus and Sign-off on SOD design from BPOs Discuss SOD Rules with External Auditors Finalize SOD Design with BPOs Step I, Cont. Continued..
  • 18. Copyright © 2006 Deloitte Development LLC. All rights reserved. 17 Market Opportunity Client Remediate current conflicts identified in Step I Identify compensating controls where appropriate Deloitte Upload Segregation of Duties Rules to SOD Tool Extract data from Application for Roles and Users Upload the extracted data into the SOD Tool Execute SOD Tool Validate data extracted from Applications Note: For a cross-application analysis, a user identity mapping exercise must also be conducted. Step II Gather Data, Execute SOD Analysis
  • 19. Copyright © 2006 Deloitte Development LLC. All rights reserved. 18 Market Opportunity Deloitte Document SOD Conflict Results Conflicts within Roles – Role Design Conflicts by Users - Users with access to Roles within an Application * Cross Application Conflicts - Users with access to multiple Roles across Applications * In some cases, users may have direct access to conflict (without going through a role). Step II, Cont. Gather Data, Execute SOD Analysis
  • 20. Copyright © 2006 Deloitte Development LLC. All rights reserved. 19 Remediate, Retest, Roll Forward Improve the security model. (e.g. Role design improvement, implement access management tools, etc) Enforce Approvals within key process flows and updates Update User Access Policies and Procedures to include SOD conflict checks Document mitigating controls Secure shared master data (e.g. Customers, Suppliers, Items, etc) Remove User Access to multiple conflicting Roles Market Opportunity Remediation Plan & Resolution of Issues Re-perform Application SOD testing Step III Roll Forward Application SOD testing
  • 21. Copyright © 2006 Deloitte Development LLC. All rights reserved. 20 Example
  • 22. Copyright © 2006 Deloitte Development LLC. All rights reserved. 21 Conflict Rule Set • Conflict 1 - Create PO vs. Approve PO • Conflict 2 - Auto-replenishment vs. Approve PO • Conflict 3 - Setup Vendor vs. Approve Vendor • Conflict 4 - Conflict between Create PO, Approve PO, Create Vendor and Approve Vendor
  • 23. Copyright © 2006 Deloitte Development LLC. All rights reserved. 22 Conflict Report
  • 24. Copyright © 2006 Deloitte Development LLC. All rights reserved. 23 Software Tool Comparison User Pro- visioning Single- Sign-On S-4, S-8, S-12, S-16: Access privileges are timely disabled or modified in response to terms and transfers. S-2: Formal policies govern user access administration, config and monitoring. S-6, S10, S14: Review of unauthorized access attempts is performed. S-5, S-9, S-13, S17: Periodic review of user access privileges is performed. S-3, S-7, S-11, S-15: Additions / modifications to security privileges are properly authorized. S-1: Proper segregation of duties exists among the IT functions (e.g. application development and DBA). SOD ToolsExample Control Objectives (Summarized) IdM technique could be deployed to address some of the objective IdM technique could be deployed to address most of the objective
  • 25. Copyright © 2006 Deloitte Development LLC. All rights reserved. 24 About Deloitte Deloitte, one of the nation's leading professional services firms, provides audit, tax, consulting, and financial advisory services through nearly 30,000 people in more than 80 U.S. cities. Known as an employer of choice for innovative human resources programs, the firm is dedicated to helping its clients and its people excel. "Deloitte" refers to the associated partnerships of Deloitte & Touche USA LLP (Deloitte & Touche LLP and Deloitte Consulting LLP) and subsidiaries. Deloitte is the U.S. member firm of Deloitte Touche Tohmatsu. For more information, please visit Deloitte's Web site at www.deloitte.com/us. Deloitte Touche Tohmatsu is an organization of member firms devoted to excellence in providing professional services and advice. We are focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, our member firms, including their affiliates, deliver services in four professional areas: audit, tax, consulting, and financial advisory services. Our member firms serve more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Deloitte Touche Tohmatsu is a Swiss Verein (association), and, as such, neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” "Deloitte & Touche," "Deloitte Touche Tohmatsu," or other, related names. The services described herein are provided by the member firms and not by the Deloitte Touche Tohmatsu Verein. For regulatory and other reasons, certain member firms do not provide services in all four professional areas listed above.