
SoD Analysis and Remediation

Separation of Duties (SoD) violations are often caused by ineffective and noncompliant role designs. Many users inadvertently obtain access to sensitive functionality by combining security permissions, and access permissions are frequently left in place after job transitions. Leaving these SoD violations unaddressed opens an organization to fraud, security violations, operational inefficiencies, and compliance failings. Companies are forced to spend excessive time and money attempting to remove unauthorized access privileges from the user community, while also incurring significant costs implementing and testing compensating controls.

SoD Remediation Solutions

To help clients identify and remediate SoD violations, the Focal Point ERP Advisory team has developed an analysis methodology that resolves SoD violations, corrects role design flaws, and reduces the cost of compliance. Our ERP experts use both internal SoD tools and industry-leading diagnostic tools like ERP Maestro’s Access Analyzer for SAP and Absolute Technologies for Oracle EBS to identify and evaluate SoDs. Following our analysis, our team develops a remediation strategy that ranks each violation by the level of its risk to the organization.

By removing SoDs from your user community and developing a provisioning strategy that avoids them in the future, you are able to maximize the return from your ERP investment, minimize fraud risk, secure your data and enable long-term, sustainable compliance.

How We Do It

Our approach leverages the organization's processes, procedures, GRC tools (if deployed) and previous successes. By doing so, our time is spent on what we were engaged to do: removing SoDs and reducing fraud and financial-reporting risk. To do this we:

  • Extract existing GRC analysis results or export security tables
  • Import extracted data into Focal Point's SoD Analysis DB
  • Extract user usage data and import into Focal Point's SoD Analysis DB
  • Evaluate SoDs (based on business risks or industry best-practice risks) and group violations into remediation categories (inherited role violations, likely shared authorized violations, and job responsibility violations).
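As an added illustration of the evaluation step (example code, not Focal Point's SoD Analysis DB or any client's data), the following Python runs a constructed SoD ruleset over constructed exports of role and user tables plus a usage log. It separates violations that originate inside a single role from cross-role ones and flags whether the user actually exercised both sides of the conflict; the page's "likely shared authorized" and "job responsibility" categories depend on business review and are left to the analyst.

```python
from collections import defaultdict

# Constructed SoD ruleset: pairs of business functions one person must not hold.
SOD_RULES = [("create_vendor", "pay_vendor"), ("post_journal", "approve_journal")]
# Constructed map of business function -> technical permissions that grant it.
FUNCTION_PERMS = {
    "create_vendor": {"VENDOR_MAINT"},
    "pay_vendor": {"PAYMENT_RUN"},
    "post_journal": {"JOURNAL_POST"},
    "approve_journal": {"JOURNAL_APPROVE"},
}
# Constructed export of security tables: role -> permissions, user -> roles.
ROLE_PERMS = {
    "AP_ALL": {"VENDOR_MAINT", "PAYMENT_RUN"},  # flawed role: both sides in one role
    "AP_VENDOR": {"VENDOR_MAINT"},
    "AP_PAY": {"PAYMENT_RUN"},
    "GL_POST": {"JOURNAL_POST"},
    "GL_APPROVE": {"JOURNAL_APPROVE"},
}
USER_ROLES = {
    "alice": {"AP_ALL"},
    "bob": {"AP_VENDOR", "AP_PAY"},
    "carol": {"GL_POST", "GL_APPROVE"},
    "dave": {"GL_POST"},
}
# Constructed usage log: permissions each user actually executed in the review period.
USAGE = {"alice": {"VENDOR_MAINT"}, "bob": {"VENDOR_MAINT", "PAYMENT_RUN"},
         "carol": set(), "dave": {"JOURNAL_POST"}}

def roles_granting(user, function):
    """Roles of `user` that grant any permission mapped to `function`."""
    return {r for r in USER_ROLES[user] if ROLE_PERMS[r] & FUNCTION_PERMS[function]}

def find_violations():
    """Return {user: [(rule, category, both_used)]} for every SoD rule the user hits."""
    findings = defaultdict(list)
    for user in USER_ROLES:
        for fa, fb in SOD_RULES:
            ra, rb = roles_granting(user, fa), roles_granting(user, fb)
            if not ra or not rb:
                continue  # user holds at most one side of the conflict
            # One role alone carrying both sides is an inherited-role violation:
            # the fix is role redesign, not a change to this user's assignments.
            category = "inherited_role" if ra & rb else "cross_role"
            used = USAGE.get(user, set())
            both_used = bool(used & FUNCTION_PERMS[fa]) and bool(used & FUNCTION_PERMS[fb])
            findings[user].append(((fa, fb), category, both_used))
    return dict(findings)
```

A user whose cross-role conflict has never been exercised is a provisioning clean-up candidate, while one who has used both sides needs a compensating control until the roles are split.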

To remediate the identified and remaining violations, we have developed two methods: role remediation and role redesign. Role remediation is best suited for organizations that have a strong role design structure and need minimum role changes. A role redesign is best suited for organizations that have significant flaws in the role design or ongoing struggles with provisioning user access privileges. Both methods have been designed to remove SoD violations, allowing an organization to extend access privileges to authorized users without increasing risk to the company.

The Benefits of an SoD Analysis

Focal Point's SoD analysis quickly pinpoints specific SoD issues within your organization, a task that often takes companies weeks on their own, and provides clients with a step-by-step plan for mitigating these risks.

Other benefits include:

  • An independent assessment from security and ERP system subject matter experts
  • Increased ERP system security and reduced risk of fraud
  • Recommendations based on organization-specific data
  • Proven path to compliance and reduction in future compliance risks
