Design & Implementation Rulesets (SODs)
An important GRC control is the segregation of duties and the granting of critical (system) authorizations in SAP. Setting up a good set of SOD (Segregation of Duties) rules and rules for critical (system) authorizations is important for being ‘in control’. Each software package for checking SODs delivers a set of ‘best practice’ analysis rules, with which reports can be made. Certainly for standard SAP systems, such a basic analysis may give proper results. Customization and organization-specific designs bring specific risks to your own SAP processes, so making a tailored set of control rules (ruleset) is a must.
In addition to SAP, other systems can be relevant in the context of segregation of duties. These so-called cross-system risks should also be taken into account in the analyses and reports. This requires a good knowledge of SAP authorizations and experience with rulesets. Fortunately, 2ARC's authorization and GRC experts can help you with this. Want to know more? Please contact us!