In addition to the operational process to identify conflicts, it is necessary to periodically review the underlying elements. This is mainly about the roles and the controls. A role review can take place on two levels.
- Assess whether the role only provides access to the necessary application components
- Assess whether the employees are linked to the right role(s).
The first review is a role content review, which is conducted by a domain or process expert. This person can assess whether the correct application components are linked to the responsibilities associated with the role. Any deviations are reported and adjusted.
The second review is usually performed by the supervisor or manager, who determines whether his employees, given their respective responsibilities, are linked to the appropriate roles. The roles must of course be sufficiently described to provide this supervisor with the information necessary for this assessment.
When roles have been modified, a conflict scan must be performed again to prevent new conflicts are introduced with the modified role. As soon as this role is in use, these conflicts multiply by the number of employees associated with the role, which potentially introduces a large number of new conflicts.
The mitigating controls must also be assessed periodically. In addition, it is checked whether the control is still effective and whether it is used in the right situations. It may also be necessary to make a control more specific, for example by applying a different scope. For example, a specific control for legal entity A must be performed monthly, but for legal entity B once per quarter.
By periodically reviewing the roles and controls, these elements that are important for conflict identification and mitigation remain up-to-date. This way the company optimizes its ‘control environment’.
Stay tuned! Follow us at LinkedIn or Facebook. Leave your e-mail address if you want us to send these blogs straight into your e-mail inbox.
Habit 6: Synergize – Implement SOD across ERP Solutions
Habit 5: Seek First to Understand, then to be Understood – Investigate Conflicts and apply Mitigating Controls
Habit 4: Think Win-Win – Utilize Existing Libraries for Conflict Identification
Habit 3: Put First Things First – Prioritize SOD Conflicts based on Risk Exposure
Habit 2: Begin with the End in Mind – Include Role Definition in Implementation Project
Habit 1: Be Proactive – Address Compliance Risks Already During Implementation
The 7+1 Habits of Highly Effective Compliance when deploying ERP Systems