DXP Mitigated Compliance Risks by Automating SoD Conflict Management

Leen Roeleveld News

DXP Enterprises, Inc., together with its subsidiaries, engages in distributing maintenance, repair, and operating (MRO) products, equipment, and services to energy and industrial customers primarily in the United States and Canada. It operates through three segments: Service Centers (SC), Supply Chain Services (SCS), and Innovative Pumping Solutions (IPS). The company was founded in 1908 and is based in Houston, Texas. …

General Availability of SoD Library for Infor CloudSuite Industrial (SyteLine 10)

Leen Roeleveld News

Dynaflow Solutions proudly announced general availability of the SoD Library for latest Infor CloudSuite Industrial (SyteLine 10). The SoD library contains hundreds of business rules to identify Segregation of Duties Violations. The update includes the mapping of newly introduced SyteLine Forms as well as a fine-tuning of the Forms for SyteLine 8 and 9. With the updated SoD Conflict Rule …

Webinar Invitation: Mitigating SoD Risks in Syteline

Leen Roeleveld News

Some business risks are obvious. A pandemic will be on all risks check lists in future. Other risks are more hidden. Such as risks, due to weaknesses in segregations of duties (SoD), or risks associated to unauthorized access to sensitive data. Those risks can still have a significant negative financial impact on your company. Whether you are a finance, IT …

Critical access and sensitive data

What is Critical and Sensitive Access in ERP Systems?

Leen Roeleveld Best Practices

Integration = Efficiency ERP systems have been around for a long time. And for a good reason. The out-of-the-box integrations within an ERP system allow companies to reach high levels of efficiency. Integration of the sales, planning, purchasing, production, delivery and accounts receivable processes is not only very effective in an integrated environment, it also diminishes the probability of human …

Habit 8: Automate the New Routines – Implement a Process for Role and Authorization Changes

Leen Roeleveld Best Practices

After go-live, there will be situations for users not being able to perform their job because they don’t have the required authorizations. If this happens, at least it is a sign that authorizations were not given too generous. Nevertheless, these issues are to be resolved. Understandably, users tend to take a short-cut, to get the required authorizations as soon as …


Habit 7: Sharpen the Saw – Review Controls and Authorizations Periodically

Leen Roeleveld Best Practices

In addition to the operational process to identify conflicts, it is necessary to periodically review the underlying elements. This is mainly about the roles and the controls. A role review can take place on two levels. Assess whether the role only provides access to the necessary application components Assess whether the employees are linked to the right role(s). The first …


Habit 6: Synergize – Implement SOD across ERP Solutions

Leen Roeleveld Best Practices

Large companies often arise from various acquisitions and mergers with other companies. Every acquired company typically has its own ERP environment, which cannot simply be replaced. That is why these companies often have multiple ERP systems. However, when processes are integrated, employees may have  access to multiple ERP systems to perform their duties. If we look at the applications that …


Habit 5: Seek First to Understand, then to be Understood – Investigate Conflicts and apply Mitigating Controls

Leen Roeleveld Best Practices

Evaluating Conflicts can be an overwhelming task. In a previous blog “First things first” is explained how to prioritize conflicts, to make it manageable. Now, we assume the list of conflicts can be meaningfully categorized, filtered and assigned to the corresponding role- and risk owners. From there, these owners can investigate the conflict and decide how to resolve the conflict. …

Think Win-Win

Habit 4: Think Win-Win – Utilize Existing Libraries for Conflict Identification

Leen Roeleveld Best Practices

Many companies have spent a considerable amount of effort to create the required business rules to identify conflicts. This task is complicated for different reasons: It requires an integrative and detailed knowledge of the full ERP application. Typically, knowledge of the ERP application is dispersed in different areas of expertise, with different people. To achieve consistency, strong coordination is required. …

Prioritize SOD Conflicts based on Risk Exposure

Habit 3: Put First Things First – Prioritize SOD Conflicts based on Risk Exposure

Leen Roeleveld Best Practices

A Segregation-of-Duties conflict can be defined as the situation where one ERP user has access to a combination of critical functions. This combination exposes the risk of fraud or error and eventually jeopardize the credibility of financial reports. Identifying SOD conflicts in an ERP system is a difficult task. It requires knowledge of all functions in the ERP system, combined …