Segregation of Duties
The rights granted to users within ERP systems, if allocated improperly, create a risk of error or fraud in the organization's activities.
Our analysis tools allow us to cover the majority of ERP systems on the market, both accounting and non-accounting (SAP, Oracle, MS Dynamics, Salesforce, etc.), and to detect incompatibilities and conflicts with the principles of separation of functions with regard to current user rights.
Based on these analyses, you can correct and adjust the rights granted to users or consider implementing compensating controls. Manual Segregation of Duties (SoD) analysis, the licensing and implementation costs of a CRM solution and, above all, the complexity of defining an appropriate SoD matrix for the various ERPs require a significant investment (implementation costs, recurring licensing fees).
Our Segregation of Duties solution allows you to meet these challenges.
Benefits of Segregation of Duties
A solution that is agile to deploy, with the ability to perform SOD analysis runs at a controlled cost.
Our tools natively integrate standard SOD conflict libraries adapted and prepared to fit your ERP.
Simplified collection of user rights data from the customer's ERP
- For cloud solutions: via a plugin installed by the ERP administrator (plugin reviewed and authorized by the main ERP vendors, such as Microsoft or Oracle).
- For on-premise solutions: data extraction using a SQL script provided by PwC.
Automated conflict analysis based on a SOD matrix fitting your ERP
List of incompatibilities based on internal control best practices.
Incompatibilities identified in the rights conferred to date with respect to segregation of duties.
Identified fraud risks and library of pre-planned controls against theoretical conflicts.
Tailoring of the standard SOD matrix to the client context, highlighting the list of proven incompatibilities.
List of incompatibilities of rights granted to individuals that lead to a risk of fraud.
SOD conflict resolution
Presentation of identified SOD conflicts for resolution.
Additional analysis to identify remaining incompatibilities after adjustment/removal of user rights
Recurring analyses on an annual or quarterly basis.
Review of user rights profiles / review of the SOD matrix
Adaptation of the standard SOD matrix to fit the client organizational context.
Launch analysis to get a tailored view.
Assistance in the review of the rights granted to individuals.
- Setup and analysis for a company on its different processes (without adaptation of conflict libraries)
- Complementary run: from 6.000€.
- Setup and analysis for a company on its different processes (with adaptation of conflict libraries)
- Complementary run: from 6.000€.
What is the scope of applications that can be covered by the SOD analysis?
It is possible to cover most ERP systems on the market (SAP, Oracle, Microsoft, Salesforce, Workday...).
What is the nature of the data collected to conduct the analysis?
Only the data necessary for the analysis (user accounts, associated privileges) are collected, pseudonymized if necessary, and loaded into our SoD analysis tools.
How is the data needed for the analysis provided?
The analyzed data will be extracted from your information system either by executing a script that we communicate to your IT teams, or by setting up a connector if the analyzed ERP is in SaaS mode.
Where is the analyzed data stored?
The analyzed data are stored, as appropriate:
- within PwC's IT infrastructure
- within partners' cloud infrastructures
These IT infrastructures have high levels of security in accordance with best practices and recurrent certifications following independent audits (SOC 2 report).