Cross-application Segregation of Duties
The importance of cross-application capabilities in Segregation of Duties solutions
As businesses move away from single ERP systems supporting key processes to multiple best-of-breed applications to maximize business performance, the ability to identify segregation of duties risk across the whole enterprise becomes increasingly more important.
Businesses today are running both on-premise and cloud applications as well as multiple systems, all of which are interconnected making it a real challenge to achieve complete visibility into risk. IT landscapes are becoming more challenging and complex, hybrid work models becoming more prominent as well as the addition of cloud applications that organizations are buying like hotcakes! The need for a holistic view of risk across the entire enterprise is paramount.
It is not unusual, especially in large enterprise customers, to find sets of data in different ERPs. For example, supplier master data may be stored in one ERP such as Oracle e-Business Suite, or ERP Cloud and transaction data in another such as Workday. Many organizations run their business on many applications, sometimes even hundreds making it a real challenge to mitigate risk effectively and provide assurance to external auditors, management and stakeholders.
Segregation of duties is where most organisations struggle – it’s quite often the weakest area. This is mainly due to complex ERP security models, roles and responsibilities not being well defined as well as a lack of internal knowledge.
Organizations must ensure that employees are given the right amount of access they need to carry out their job without jeopardizing security and compliance.
Solutions, such as SafePaaS, that provide the ability to view risk across multiple ERP systems and applications, make it easier for enterprises to focus on what really matters and achieve peace of mind that their business-critical applications are safeguarded.
Common segregation of duties risk that go across businesses include:
Common segregation of duties risk that go across businesses include:
Procure to pay process. We find that organizations may purchase orders in one system and process payments in another.
Hire to retire process. In our experience, we find that organizations may process payroll in one system and store employee master data in another.
Order to cash process. For example, businesses may book orders through CRM systems but process the invoice through another.
If you’d like to have a conversation to see how SafePaaS can help with cross-application segregation of duties, please contact us.
Recommended Resources
Why is Segregation of Duties Important?
Segregation of Duties is an internal control that prevents a single person from completing two or more tasks in a business process. Organizations require Segregation of Duties controls to separate duties among more than one individual to complete tasks in a business process to mitigate the risk of fraud, waste and error.
What are some common examples of Segregation of Duties?
Segregation of Duties is an essential internal control in any organisation designed to prevent fraud and error. It’s an elementary component of any internal control system. This internal control ensures that more than one person is required to complete the various tasks required to complete a business process.
Top 5 Reasons to Automate Controls
Application controls apply to the business processes they support. These controls are designed within the application to prevent or detect unauthorized transactions. When combined with manual controls, as necessary, application controls ensure completeness, accuracy, authorization and validity of processing transactions.