execute all activities in a business process without approvals
create a fictitious vendor
post an invoice
process operations omitting control steps
approve payment for the invoice
sign-off and reconcile bank statement
display or change sensitive operational and financial data
Plan & Design
Assess & Evaluate
Implement & Remediate
Monitor & Operate
People
Identify users with excessive access rights in ERP;
Establish the SOD program;
Develop & Implement SOD Matrix;
SOD risk awareness;
Evaluate access & security controls for ERP;
Map internal controls to SOD conflicts;
Remediate identified SOD conflicts;
Identify overlapping controls;
Implement unified mitigating controls;
Regular SOD checks & user access reviews;
Process
Run Security Assessment for ERP and/or GRC systems.
Standardize controls across organizations;
Technology
Run Security Assessment for ERP and/or GRC systems.
Design security dashboard;
Streamline user access management processes with SOD verification;
Implement unified processes for user access management;
Security Dashboard;
Monitor effectiveness of the process;
Automate the process;
Contacts
For more information, please contact:
Erik Luysterborg
+32 2 800 23 36
eluysterborg@deloitte.com
Joanna Kazimierska
+32 2 800 23 51
jkazimierska@deloitte.com
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL), its network of
member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred
to as Deloitte Global) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and
its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally
connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients,
delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all
committed to becoming the standard of excellence.
This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities
(collectively, the Deloitte Network) is, by means of this publication, rendering professional advice or services. Before making any decision or
taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte
Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.