
Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems.


1 Managing Segregation of Duties (SOD) in R3 Session Code: 808 Donnie Looper, Eastman Chemical Company Jasvir Gill, Virsa Systems

2 Goals of this session:
- What is SOD?
- SOD Challenges
- SOD Solutions
- SOD Best Practices
- Questions/Discussion

3 What is SOD?
SOD - “Segregation of Duties”
- Most definitions include something along the lines of: “Internal controls intended to prevent or reduce the risk of errors/fraud, identify problems, and ensure corrective action is taken.”

4 What is SOD? (continued)
SOD objectives:
- Avoid conflicting access and reduce the risk of fraud
- Ensure system stability/integrity is not at risk
Examples of SODs:
- Create a Vendor & pay a Vendor
- Process Sales Orders & Rebates
Mitigating Controls (Compensating Controls):
- Accept risk for situations (e.g. limited staff) by running specialized reports or developing additional controls.


6 SOD Challenges:
- Building/Upgrading SOD Data (Rules)
- Automating SOD Analysis
- Proactive/Ongoing SOD Compliance
- Documenting Mitigating Controls

7 SOD Challenges: Building/Upgrading SOD Data (Rules)
- How do you build a good set of data relevant to your needs?
- How do you upgrade SOD rules in the future?


9 SOD Challenges: Automating SOD Analysis
- How can you automate SOD analysis at all levels (User, Role, Profile, Composites)?


11 SOD Challenges: Proactive/Ongoing SOD Compliance
- How do you ensure that once your system is clean it remains clean (free of SOD issues)?


13 SOD Challenges: Documenting Mitigating Controls
- How do you automate Risk Mitigation Controls and use them in SOD analysis/resolution?


15 SOD Solutions:
- Building/Upgrading SOD Data (Rules)
- Automating SOD Analysis
- Proactive/Ongoing SOD Compliance
- Documenting Mitigating Controls

16 SOD Solutions (Building SOD Rules):
- Identify user community
- Management Support (Proactive)
- Rule Database starting point:
  - Vendor Supplied Rules
  - Internal Control Standards For Your Company
  - Information from Other Contacts (ASUG, etc…)
- Customizing rules to meet your needs
- Automate the development of rules


18 SOD Solutions (Automating SOD Analysis):
- A tool is needed (ad hoc solutions don’t work)
- Tool must fully automate SOD analysis:
  - At the role level, user level, transaction code level and authorization object level.
- Tool must automate SOD rule definition, validation and customization.
- Tool should provide corrective analysis.


20 SOD Solutions (Ongoing SOD Compliance):
- Ensure compliance when either roles are changed or assigned to users
- All additions and modifications should have “What-If” scenarios performed
- The tool should fully automate simulation and be based on live data (Users & Roles)


22 SOD Solutions (Documenting Mitigating Controls):
Tool must provide:
- Online definition and documentation of the mitigating controls
- Capability to define:
  - Controls at the User, Role or Rule Level
  - Mitigation approvers and monitors
  - Validity date for mitigation controls
- Analysis with/without mitigation controls
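
The analysis the solution slides describe (role-level and user-level checks, "What-If" simulation of a pending role assignment, and analysis with/without dated mitigating controls) can be sketched as follows. This is an added example, not code from the presentation or from any vendor tool; the rule IDs, role names, users, dates and the transaction codes mapped to each rule are constructed sample data.

```python
from datetime import date

# Constructed sample data: rule IDs, roles, users and the transaction codes
# assigned to each rule are illustrative assumptions, not from the slides.
RULES = {
    "R01": ({"XK01"}, {"F-53"}),   # create a vendor / pay a vendor
    "R02": ({"VA01"}, {"VBO1"}),   # process sales orders / rebates
}
ROLES = {
    "AP_MASTER": {"XK01", "XK02"},
    "AP_PAYMENTS": {"F-53"},
    "SD_ORDERS": {"VA01"},
    "SD_REBATES": {"VBO1"},
}
USERS = {"alice": ["AP_MASTER"], "bob": ["SD_ORDERS", "SD_REBATES"]}
# Mitigating controls at the user/rule level, with approver and validity date.
MITIGATIONS = {
    ("bob", "R02"): {"approver": "controller", "valid_to": date(2024, 6, 30)},
}


def role_conflicts(roles):
    """Role-level check: rule IDs for which the role set grants both sides."""
    tcodes = set().union(*(ROLES[r] for r in roles))
    return sorted(rid for rid, (a, b) in RULES.items()
                  if tcodes & a and tcodes & b)


def user_conflicts(user, today, with_mitigation=True, extra_roles=()):
    """User-level analysis; extra_roles simulates a pending assignment."""
    found = role_conflicts(list(USERS[user]) + list(extra_roles))
    if not with_mitigation:
        return found

    def mitigated(rid):
        m = MITIGATIONS.get((user, rid))
        # An expired control no longer suppresses the conflict.
        return m is not None and m["valid_to"] >= today

    return [rid for rid in found if not mitigated(rid)]


def what_if(user, new_role, today):
    """Conflicts the assignment would introduce, before it is submitted."""
    before = set(user_conflicts(user, today))
    after = user_conflicts(user, today, extra_roles=[new_role])
    return [rid for rid in after if rid not in before]
```

Running the user-level analysis on a date past `valid_to` shows why the validity date matters: the conflict reappears in the report as soon as the mitigating control lapses.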


24 SOD Best Practices:
- Identify and resolve issues at the earliest phase possible.
  - Once SODs creep into PRD they are more expensive and time consuming to resolve.
- Incorporate the use of the tool into your corporate processes and procedures
  - Changes should be simulated prior to submission.
- Rule definition process should be optimized
  - All objects aren’t needed all the time.


26 Questions/Discussion: Managing Segregation of Duties ???

27 If you wish to contact us: Managing Segregation of Duties Donnie Looper: dlooper@eastman.com Jasvir Gill: jgill@virsasystems.com

28 Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 808

