You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. For example, you might not want the same person both to acknowledge the receipt of goods and to process payment to the vendor. Segregation of duties helps you reduce the risk of fraud, and it also helps you detect errors or irregularities. You can also use segregation of duties to enforce internal control policies.
Name | Responsible | Description |
---|---|---|
Set up segregation of duties rules | Security administrator | You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. For example, you might not want the same person both to acknowledge the receipt of goods and to process payment to the vendor. Segregation of duties helps you reduce the risk of fraud, and it also helps you detect errors or irregularities. You can also use segregation of duties to enforce internal control policies. Complete the following procedure to create a rule. |
Validate segregation of duties | Security administrator | You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. Use Validate segregation of duties to verify whether existing roles comply with new rules for segregation of duties. So, it validates intra-role compliance. If any existing roles violate the selected rule, a message is displayed that contains the name of the role and the names of the conflicting duties. The security administrator must either indicate the mitigation for the security risk or modify the role so that it does not violate the rules for segregation of duties. If no roles violate the selected rule, a message indicates that all roles comply. |
Verify compliance of user-role assignments | Security administrator | You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. Use Verify compliance of user-role assignments to verify whether user role assignments comply with new rules for segregation of duties. So, it verifies inter-role compliance and user-level validations. A notification displays the results of the validation. When the definition of a security role or the role assignments of a user violate the rules, the conflict is logged. The security administrator must resolve all conflicts. Complete the following procedure to identify conflicts. |
Use predefined segregation of duties rules on demand | Security administrator | You can set up segregation of duties rules to separate tasks that must be performed by different users. On demand, a predefined set of segregation of duties rules is available. These predefined segregation of duties rules are set up based on this risk identification matrix for several transaction types: You can upload the predefined segregation of duties rules in Data management. |
Resolve segregation of duties conflicts | Security administrator | You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. If, on verification, the definition of a security role or the role assignments of a user violate the rules, the conflict is logged. All conflicts must be resolved by the security administrator. For each logged conflict, you can: Complete the following procedure to view and resolve conflicts. |
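
The following Python example is added here for illustration and is not code from the product this page documents. It shows the difference between the two checks in the table: validating roles (intra-role compliance) and verifying user-role assignments (inter-role compliance). All duty, role and user names are constructed sample data.

```python
# Constructed sample data: a rule is a pair of duties that one person must not hold.
RULES = [("Confirm product receipt", "Process vendor payments")]
ROLES = {
    "Receiving clerk": {"Confirm product receipt"},
    "Accounts payable clerk": {"Process vendor payments", "Maintain vendor invoices"},
    "Purchasing agent": {"Confirm product receipt", "Process vendor payments"},
}
USER_ROLES = {
    "alice": ["Receiving clerk"],
    "bob": ["Receiving clerk", "Accounts payable clerk"],
}


def validate_roles(rules, roles):
    """Intra-role check: report each role that holds both duties of a rule."""
    return sorted(
        (role, first, second)
        for role, duties in roles.items()
        for first, second in rules
        if first in duties and second in duties
    )


def verify_user_assignments(rules, roles, user_roles):
    """Inter-role check: report users whose combined roles grant both duties."""
    conflicts = []
    for user, assigned in sorted(user_roles.items()):
        for first, second in rules:
            # Record which assigned roles grant each side of the rule, so the
            # administrator can see which assignment to change.
            via_first = sorted(r for r in assigned if first in roles.get(r, ()))
            via_second = sorted(r for r in assigned if second in roles.get(r, ()))
            if via_first and via_second:
                conflicts.append((user, first, second, via_first, via_second))
    return conflicts


if __name__ == "__main__":
    for role, first, second in validate_roles(RULES, ROLES):
        print(f"Role '{role}' holds conflicting duties: {first} / {second}")
    for user, first, second, a, b in verify_user_assignments(RULES, ROLES, USER_ROLES):
        print(f"User '{user}': {first} via {a} conflicts with {second} via {b}")
```

Each role assigned to `bob` passes the intra-role check on its own; the conflict appears only when the assignments are combined, which is why both checks are needed.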