SAP / Oracle - Segregation of Duties

Managing the broad set of activities supported by the fully integrated suite of SAP / Oracle business applications, in addition to the embedded IT controls, can present a series of challenges for some organisations. These systems require specialist knowledge to fully understand the associated configurations and controls.

Segregation of Duties controls represent a vital component for establishing an effective internal control system. Segregation of Duties controls should be designed to establish that no single individual inappropriately handles all aspects of a transaction cycle or business process. The lack of effective Segregation of Duties controls among those who perform business procedures increases the risk of undetected error and provides the opportunity to misappropriate assets or conceal intentional misstatements.

PwC can bring the resources, expertise and tools to review the actual SAP / Oracle authorisations, to pinpoint the real causes of potential security flaws and Segregation of Duties conflicts and to indicate how to enhance the SAP / Oracle authorisation concept.

If you:

  • Need assistance in assessing the Segregation of Duties and sensitive access associated with your system.
  • Need assurance that direct data access risks within your SAP / Oracle environment are appropriately addressed.
  • Are unsure as to whether your SAP / Oracle system has been correctly configured to mitigate financial and operational risks.
  • Need assistance in identifying and documenting business processes and associated controls.

Then PwC can help you.

PwC has a team of SAP / Oracle trained individuals who can assist organisations in defining and enforcing appropriate levels of security. This team is experienced in assessing security within the SAP / Oracle environment and focuses on providing meaningful and practical solutions.

PwC developed a suite of tools, processes and relationships to effectively and efficiently assess the design and operating effectiveness of the controls. These comprise three complementary areas:

  • Technology Systems – PwC developed industry-leading tools called Automated Controls Evaluator (ACE) and GATE. The purpose of these tools is to analyse SAP / Oracle security settings and identify privileged access and potential Segregation of Duties issues accurately and efficiently. Our tools come with a set of pre-defined Segregation of Duties conflicting cases. These cases include the required transaction codes, authorisation objects and field values necessary to enable meaningful results which are representative of the levels of access any particular user has been granted. We can work with you to evaluate whether security is operating as designed, including performing a detailed analysis of Segregation of Duties matrices, sensitive access and the security administration process.
  • Methodologies – Comprehensive proprietary practice aids and work programmes that provide a baseline of key controls over financial and operational reporting for the respective business cycles.
  • Data Analysis – Our team can work with you to extract transactional data from the SAP / Oracle system and perform analysis to assist in identifying and resolving issues regarding the reliability of data.