Managing Segregation of Duties (SOD) in R3
Session Code: 808
Donnie Looper, Eastman Chemical Company
Jasvir Gill, Virsa Systems


Goals of this session:
What is SOD?
SOD Challenges
SOD Solutions
SOD Best Practices
Questions/Discussion

What is SOD?
SOD - “Segregation of Duties”
  – Most definitions include something along the lines of: “Internal controls intended to prevent or reduce the risk of errors/fraud, identify problems, and ensure corrective action is taken.”

What is SOD (continued)?
SOD objectives:
  – Avoiding conflicting access and reducing the risk of fraud
  – Ensuring system stability/integrity is not at risk
Examples of SODs:
  – Create a Vendor & pay a Vendor
  – Process Sales Orders & Rebates
Mitigating Controls (Compensating Controls):
  – Accept risk for situations (e.g. limited staff) by running specialized reports or developing additional controls.

SOD Challenges:
Building/Upgrading SOD Data (Rules)
Automating SOD Analysis
Proactive/Ongoing SOD Compliance
Documenting Mitigating Controls

SOD Challenges:
Building/Upgrading SOD Data (Rules)
  – How do you build a good set of data relevant to your needs?
  – How do you upgrade SOD rules in the future?

SOD Challenges:
Automating SOD Analysis
  – How can you automate SOD analysis at all levels (User, Role, Profile, Composites)?

SOD Challenges:
Proactive/Ongoing SOD Compliance
  – How do you ensure that once your system is clean it remains clean (free of SOD issues)?

SOD Challenges:
Documenting Mitigating Controls
  – How do you automate Risk Mitigation Controls and use them in SOD analysis/resolution?

SOD Solutions:
Building/Upgrading SOD Data (Rules)
Automating SOD Analysis
Proactive/Ongoing SOD Compliance
Documenting Mitigating Controls

SOD Solutions (Building SOD Rules):
Identify user community
Management Support (Proactive)
Rule Database starting point:
  – Vendor Supplied Rules
  – Internal Control Standards For Your Company
  – Information from Other Contacts (ASUG, etc.)
Customizing rules to meet your needs
Automate the development of rules

SOD Solutions (Automating SOD Analysis):
A tool is needed (ad hoc solutions don’t work)
Tool must fully automate SOD analysis:
  – At the role level, user level, transaction code level and authorization object level.
Tool must automate SOD rule definition, validation and customization.
Tool should provide corrective analysis.

SOD Solutions (Ongoing SOD Compliance):
Ensure compliance whenever roles are changed or assigned to users
All additions and modifications should have “What-If” scenarios performed
The tool should fully automate simulation and be based on live data (Users & Roles)

SOD Solutions (Documenting Mitigating Controls):
Tool must provide:
  – Online definition and documentation of the mitigating controls
  – Capability to define:
      – Controls at the User, Role or Rule Level
      – Mitigation approvers and monitors
      – Validity date for mitigation controls
  – Analysis with/without mitigation controls
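
The automated analysis, "What-If" simulation and mitigation handling described in the solution slides, sketched as an added example (not code from the presentation or from any vendor tool). The rules, roles, users, mitigation record and the mapping of transaction codes to business functions are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumptions, not from the presentation).
# Transaction codes are mapped to business functions for illustration only.
FUNCTIONS = {"XK01": "create_vendor", "F110": "pay_vendor",
             "VA01": "process_sales_order", "VBO1": "process_rebate"}
# SOD rules: pairs of functions that one user must not hold together.
RULES = {"R01": ("create_vendor", "pay_vendor"),
         "R02": ("process_sales_order", "process_rebate")}
ROLES = {"AP_MASTER_DATA": {"XK01"}, "AP_PAYMENTS": {"F110"},
         "SALES_ORDERS": {"VA01"}, "SALES_REBATES": {"VBO1"}}
USERS = {"ALICE": {"AP_MASTER_DATA"}, "BOB": {"SALES_ORDERS", "SALES_REBATES"}}
# Mitigating controls keyed by (user, rule), each with approver and validity date.
MITIGATIONS = {("BOB", "R02"): {"approver": "CFO_OFFICE",
                                "valid_to": date(2024, 6, 30)}}


def user_functions(roles):
    """Expand roles -> transaction codes -> business functions."""
    tcodes = set().union(*(ROLES[r] for r in roles))
    return {FUNCTIONS[t] for t in tcodes if t in FUNCTIONS}


def analyze(users, today, use_mitigations=True):
    """Return sorted (user, rule) conflicts; expired mitigations do not count."""
    found = []
    for user, roles in users.items():
        held = user_functions(roles)
        for rule_id, (f1, f2) in RULES.items():
            if f1 in held and f2 in held:
                m = MITIGATIONS.get((user, rule_id))
                if use_mitigations and m and today <= m["valid_to"]:
                    continue  # risk accepted under a currently valid control
                found.append((user, rule_id))
    return sorted(found)


def what_if(user, new_role, today):
    """Simulate a role assignment on a copy; return the conflicts it would add."""
    simulated = {u: set(r) for u, r in USERS.items()}
    simulated.setdefault(user, set()).add(new_role)
    return sorted(set(analyze(simulated, today)) - set(analyze(USERS, today)))


if __name__ == "__main__":
    print(analyze(USERS, date(2024, 1, 15), use_mitigations=False))
    print(analyze(USERS, date(2024, 1, 15)))
    print(analyze(USERS, date(2024, 7, 1)))   # mitigation has expired
    print(what_if("ALICE", "AP_PAYMENTS", date(2024, 1, 15)))
```

Running the simulation before a role request is submitted shows the conflict it would create while the live assignments stay untouched, and re-running the analysis after a mitigation's validity date brings the accepted risk back into the report.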

SOD Best Practices:
Identify and resolve issues at the earliest phase possible.
  – Once SODs creep into PRD (production) they are more expensive and time-consuming to resolve.
Incorporate the use of the tool into your corporate processes and procedures.
  – Changes should be simulated prior to submission.
Rule definition process should be optimized.
  – All objects aren’t needed all the time.

Questions/Discussion

If you wish to contact us:
Donnie Looper:
Jasvir Gill:

Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 808