Segregation of Duties
Presented By: Andy Vitullo
Logan Consulting
Presentation Objective
Page 2
What is Segregation of Duties?
Segregation of Duties (SOD)
An internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for separate parts of a business process.
SOD involves
Breaking down tasks, within a process, that might reasonably be completed by a single individual into multiple tasks so that no one person is solely in control.
Although it improves security, breaking tasks down into separate components can
Negatively impact business efficiency.
Increase costs, complexity and staffing requirements.
Page 3
Business Purpose of SOD
Page 5
Does QAD Support System Based SOD?
Yes!
Page 6
Components of QAD SOD
SOD Categories
A Collection of QAD Security Roles.
SOD Matrix
A Relationship of a SOD Category to All other SOD Categories.
Defines conflicted Categories.
SOD Policy Exceptions
User level definition allowing access to Menus that are in conflicting SOD Categories.
Non system “Mitigating Controls” must be implemented!
Controller reviews all disbursement checks and physically signs the checks.
SOD Role Exclusion
Roles that do not require conflict management, i.e. Report Roles.
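The components above fit together as one check: map each user's roles to SOD categories, skip excluded roles, look up category pairs in the matrix, then see whether a policy exception with a recorded mitigating control covers the conflict. The sketch below is an added example, not QAD's code or data model; every role, category and user name is constructed, except the NFR report role and the controller check-signing control, which come from the slides.

```python
from itertools import combinations

# Constructed sample data. All names are hypothetical except the NFR report role.
ROLE_CATEGORY = {                      # SOD category = a collection of roles
    "AP_INVOICE_ENTRY": "AP-Vouchering",
    "AP_CHECK_PRINT": "AP-Disbursement",
    "SUPPLIER_MAINT": "Supplier-Master",
}
CONFLICT_MATRIX = {                    # unordered category pairs marked as conflicting
    frozenset({"AP-Vouchering", "AP-Disbursement"}),
    frozenset({"Supplier-Master", "AP-Disbursement"}),
}
EXCLUDED_ROLES = {"NFR"}               # role exclusion: report roles skip the check
POLICY_EXCEPTIONS = {                  # (user, conflicting pair) -> mitigating control
    ("cjones", frozenset({"Supplier-Master", "AP-Disbursement"})):
        "Controller reviews all disbursement checks and physically signs the checks.",
    ("dlee", frozenset({"AP-Vouchering", "AP-Disbursement"})): "",
}
ROLE_MEMBERSHIP = {
    "asmith": {"AP_INVOICE_ENTRY", "AP_CHECK_PRINT"},
    "bkhan": {"SUPPLIER_MAINT", "NFR"},
    "cjones": {"SUPPLIER_MAINT", "AP_CHECK_PRINT", "NFR"},
    "dlee": {"AP_INVOICE_ENTRY", "AP_CHECK_PRINT"},
}

def sod_findings(membership, role_category, matrix, excluded, exceptions):
    """Return (user, status, detail, control) for every conflict or gap found."""
    findings = []
    for user in sorted(membership):
        categories = set()
        for role in sorted(membership[user]):
            if role in excluded:
                continue
            if role not in role_category:
                # Assumption: report roles the matrix cannot evaluate.
                findings.append((user, "UNCATEGORIZED", role, None))
                continue
            categories.add(role_category[role])
        for a, b in combinations(sorted(categories), 2):
            pair = frozenset({a, b})
            if pair not in matrix:
                continue
            if (user, pair) not in exceptions:
                status, control = "VIOLATION", None
            else:  # an exception without a recorded control is still a gap
                control = exceptions[(user, pair)].strip() or None
                status = "EXCEPTION" if control else "UNMITIGATED"
            findings.append((user, status, f"{a} x {b}", control))
    return findings
```

Calling `sod_findings(ROLE_MEMBERSHIP, ROLE_CATEGORY, CONFLICT_MATRIX, EXCLUDED_ROLES, POLICY_EXCEPTIONS)` on the sample data yields one finding each for asmith, cjones and dlee, and none for bkhan.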
Page 7
Case Study
The Players:
The Company
External Auditors
SOX Compliance Consultants
ERP Consultants
Page 8
The Conditions
Page 9
Impact of Material Weakness
Page 11
Review Current Roles
Page 12
Review Current Roles
Access your saved file in Excel and the following file will appear
Page 13
Review Current Roles
Page 14
Review Roles for Internal Control Conflicts
Page 15
Roles Example
Page 16
Mitigate Privileged Access
Privileged Access = Superuser
A user that has unfettered access to all menus.
Superuser should only be used during implementation.
Superuser access is “OK” in test and development environments.
De-activate Unnecessary Roles
Create Report Roles
Example: Role: NFR – Non Financial Reports
Remove Superuser Role access from all Users except System Roles.
No one person should have unfettered access to all menus
Page 17
Exclusions from SOD
Page 18
Set Up of Segregation of Duties – Process Flow
Page 19
QAD SOD Functionality
Page 20
Role Permissions
Page 21
Role Permissions
Page 22
Role Membership
Page 23
Role Membership Maintain - View
Page 24
Role Membership to Role Permission Relationship
Page 25
Role Membership to Role Permission Relationship
Page 26
SOD Policy Exceptions
Page 27
SOD Policy Exception - View
Page 28
SOD Import/Export
Page 29
Import SOD Configuration
Page 30
SOD Import/Export Application Window
Page 31
SOD Matrix Maintain
Page 32
SOD Configuration Application Window
Page 33
SOD Configuration
Page 34
No One Person Has Privileged Access
Page 36