Segregation of Duties
The rights granted to users within ERP systems, if allocated improperly, create a risk of error or fraud in the organization's activities.
Our analysis tools allow us to cover the majority of ERP systems on the market, both accounting and non-accounting (SAP, Oracle, MS Dynamics, Salesforce, etc.), and to detect incompatibilities and conflicts with the principles of separation of functions with regard to current user rights.
Based on these analyses, you can correct and adjust the rights granted to users or consider the implementation of compensatory controls. Manual Segregation of Duties (SoD) analysis, licensing and implementation costs associated with the implementation of a CRM solution and, above all, the complexity of defining an appropriate SoD matrix for the various ERPs require a significant investment (implementation costs, recurring licensing fees).
Our Segregation of Duties solution allows you to meet these challenges.
Benefits of Segregation of Duties
An agile solution to deploy with the ability to perform analysis runs on your SOD at a controlled cost.
Our tools natively integrate standard SOD conflict libraries adapted and prepared to fit your ERP.
Our SOD analysis tools provide an immediate view of the existing separation of duties conflicts within your organization from an IS perspective. It is an essential tool for monitoring and reassuring yourself about the rights granted to your users and a means of reinforcing your internal control in order to align with best practices in terms of user access management.
Jean de Laforcade, IT & Risk Partner, PwC France and Maghreb
- Setup and analysis for a company on its different processes (without adaptation of conflict libraries)
- Complementary run : from 6.000€.
- Setup and analysis for a company on its different processes (with adaptation of conflict libraries)
- Complementary run : from 6.000€.
Book a demo
F.A.Q
What is the scope of applications that can be covered by the SOD analysis?
It is possible to cover most of the ERP on the market (SAP, Oracle, Microsoft, Salesforce, Workday...).
What is the nature of the data collected to conduct the analysis?
Only the data necessary for the analysis (user accounts, associated privileges) are collected, pseudonymized if necessary, and loaded into our SoD analysis tools.
How to provide the data needed for analysis?
The analyzed data will be extracted from your information system either by executing a script that we communicate to your IT teams, or by setting up a connector if the analyzed ERP is in SaaS mode.
Where is the analyzed data stored?
The analyzed data are stored as appropriate :
- within PwC's IT infrastructure
- within partners' cloud infrastructures
These IT infrastructures have high levels of security in accordance with best practices and recurrent certifications following independent audits (SOC 2 report).