Enhanced Cross-Application Rules Management
As businesses move away from single ERP systems supporting key processes to multiple best-of-breed applications that streamline Customer Relationship Management (CRM), Procurement Management, Supply Chain Management (SCM) and Human Capital Management (HCM), as well as secondary ERP systems, to maximize business performance, the ability to detect segregation of duties risk across the enterprise becomes increasingly important.
Businesses today are running both on-premise and cloud applications as well as multiple systems, all of which are interconnected, making it a real challenge to achieve complete visibility into risk. IT landscapes are becoming more challenging and complex, and hybrid work models are more prominent with the rapid adoption of SaaS cloud applications. The first-generation Segregation of Duty tools (“Point Solutions”) that were deployed to protect a single ERP system no longer scale to meet today's audit standards for completeness and accuracy to ensure effective enterprise-wide access controls. The need for a holistic view of access controls across the entire enterprise is paramount.
It is not unusual, especially for enterprise customers, to find critical data for financial disclosure in multiple IT systems. For example, financial information may be stored in one ERP such as Oracle E-Business Suite or ERP Cloud, and the sub-ledger transactions such as sales orders and purchase orders in another system like Salesforce, Coupa, or Ariba. Segregation of duties is where most organizations struggle – it’s quite often the weakest area for controls testing. This is mainly due to complex ERP security models, roles and responsibilities not being defined at the fine-grained level, and a lack of internal knowledge.
The latest enhancement to Rules Management enables SafePaaS customers to perform Segregation of Duty testing across multiple applications by creating cross-application rules logic. Now you can create a rule in SafePaaS that selects a single ERP data source or many different data sources (a cross-application rule). When you create a cross-application rule, you can select activities that are performed in more than one application. The SafePaaS violation engine runs the rules against the different data sources and analyzes violations across them, even where the security models differ between applications. When the violations are generated, users can see violations across multiple applications.
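The logic of a cross-application rule can be sketched as follows. This is an added example, not SafePaaS code or its API: the source names, entitlement codes, identity mapping and rule ids are all constructed assumptions, chosen to show two different security models being reduced to common activities before the rule is evaluated.

```python
from collections import defaultdict

# Constructed sample data (assumed names): each source's own entitlement
# codes are mapped to a common activity name so one rule can span both.
ACTIVITY_MAP = {
    ("erp", "AP_SUPPLIER_MAINT"): "Maintain Suppliers",
    ("procurement", "po.approve"): "Approve Purchase Orders",
    ("procurement", "po.create"): "Create Purchase Orders",
}

# (source, local account, entitlement granted in that source)
GRANTS = [
    ("erp", "JSMITH", "AP_SUPPLIER_MAINT"),
    ("procurement", "john.smith@example.com", "po.approve"),
    ("erp", "MLEE", "AP_SUPPLIER_MAINT"),
    ("procurement", "ana.diaz@example.com", "po.approve"),
    ("procurement", "ana.diaz@example.com", "po.create"),
]

# Identity correlation: local account in each source -> one person.
IDENTITY = {
    ("erp", "JSMITH"): "E1001",
    ("procurement", "john.smith@example.com"): "E1001",
    ("erp", "MLEE"): "E1002",
    ("procurement", "ana.diaz@example.com"): "E1003",
}

# A rule is a set of activities that one person must not hold together.
RULES = {
    "XAPP-01": {"Maintain Suppliers", "Approve Purchase Orders"},
    "PROC-01": {"Create Purchase Orders", "Approve Purchase Orders"},
}

def find_violations(grants, identity, activity_map, rules):
    """Return sorted (rule, person, sources) for each person holding every activity in a rule."""
    held = defaultdict(dict)  # person -> {activity: source that grants it}
    for source, account, entitlement in grants:
        person = identity.get((source, account))
        activity = activity_map.get((source, entitlement))
        if person and activity:
            held[person][activity] = source
    out = []
    for rule_id, activities in rules.items():
        for person, acts in held.items():
            if activities <= acts.keys():
                sources = sorted({acts[a] for a in activities})
                out.append((rule_id, person, sources))
    return sorted(out)

print(find_violations(GRANTS, IDENTITY, ACTIVITY_MAP, RULES))
```

A tool that looks at only one of the two sources would report PROC-01 and miss XAPP-01, because neither application on its own shows E1001 holding both activities.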