Segregation of Duties Handbook for ERP Auditors - ERP Access Controls Testing
The SafePaaS Handbook for Segregation of Duties for ERP Auditors covers everything needed to successfully audit enterprise applications for segregation of duties risks.
Segregation of duties risk is growing as organizations continue to add users to their enterprise applications. Default roles in enterprise applications present inherent risks because the “seeded” role configurations are not well-designed to prevent segregation of duties violations. This risk is further increased as multiple application roles are assigned to users, creating cross-application Segregation of Duties control violations. Business managers responsible for SoD controls often cannot obtain accurate security privilege-mapped entitlement listings from enterprise applications and thus have difficulty enforcing segregation of duties policies. The lack of standard enterprise application security reports to detect Segregation of Duties control violations in user assignment to roles and privilege entitlements can impede the benefits of enterprise applications.
Our handbook covers how to audit segregation of duties controls in popular enterprise applications using a top-down risk-based approach for testing Segregation of Duties controls in widely used ERP systems:
1. Segregation of Duties Controls
2. Risk-based Access Controls Design Matrix
3. Audit Approach for Testing Access Controls
4. Violation Analysis and Remediation Techniques
5. Security Model Reference Guide including Oracle E-Business Suite, Oracle ERP Cloud, JD Edwards, Microsoft Dynamics, NetSuite, PeopleSoft, Salesforce, SAP and Workday.