What is SAP Authorization Review & Segregation of Duties (SoD)?
Authorizations in SAP system is a complex area and requires detailed understanding of both SAP authorization concepts (such as authorization objects, authorizations, profiles, roles and user master records) and business processes (such as financial accounting, procurement and sales).The purpose of authorizations review is to ensure that user access is based on their responsibilities and users are not assigned any additional access.
Segregation of Duties (SoD), on the other hand, ensures that no one individual has complete control over major phase of a process and is typically enforced through a combination of authorizations and compensating controls
Approach & Methodology
SoftScheck’s SAP Authorizations Review and Redesign Methodology is based on softScheck’s extensive experience in the area of SAP authorizations review and redesign. This is a comprehensive methodology and consists of following three components.
The SAP authorizations and SoD review utilizes the first two components of the methodology while the third component is utilized for redesign engagement.
The methodology is based on a risk-based approach, which goes beyond the symptoms to identify ‘root causes. This results in the following benefits: