Many companies have spent a considerable amount of effort to create the required business rules to identify conflicts. This task is complicated for different reasons: It requires an integrative and detailed knowledge of the full ERP application. Typically, knowledge of the ERP application is dispersed in different areas of expertise, with different people. To achieve consistency, strong coordination is required. …
Habit 3: Put First Things First – Prioritize SOD Conflicts based on Risk Exposure
A Segregation-of-Duties conflict can be defined as the situation where one ERP user has access to a combination of critical functions. This combination exposes the risk of fraud or error and eventually jeopardize the credibility of financial reports. Identifying SOD conflicts in an ERP system is a difficult task. It requires knowledge of all functions in the ERP system, combined …
Habit 2: Begin with the End in Mind – Include Role Definition in Implementation Project
The implementation period is the perfect time to start securing your ERP system against compliance risks. Examples of these risks are: unnecessary access to specific parts of the ERP system, undesired or not allowed combinations of role access (separation of duties), and unauthorized access to sensitive data. Designing the Access (authorization) model should be managed as an integral part of …
Habit 1: Be Proactive – Address Compliance Risks Already During Implementation
Deploying one or more ERP systems, whether it be SAP, Oracle, Infor, Microsoft or any other provider, is a challenge. Implementation teams are working hard to reach the go-live date. Often, security and compliance safeguards are sacrificed to prevent undesired delay of the project. At the go-live date, managements main concern is if the production line or services will not …
The 7+1 Habits of Highly Effective Compliance when deploying ERP Systems
Sharing is caring. In the coming months, Dynaflow will share years of experience implementing Segregation of Duties in (large) ERP environments. For too long, compliance has not had any focus during the implementation of an ERP system. Too often, compliance related matters were only addressed after Go-Live. Implementing proper SoD controls will help to reduce the risk of fraud and …