Menu

Menu

Menu

Menu

Featured

CEO Survey: A look inside the minds of Canadian CEOs

Director connect: Bringing you the latest boardroom perspective

Shift podcast: Amplifying the voice of industry experts

Loading Results

hero image

An all-in-one solution, built on Workday, to monitor user access, manage segregation of duties, and enhance business security.

Built on Workday app for segregation of duties and sensitive access

In today's world of increasing cyber security and access control risks fuelled by cloud adoption, it is critically important for organizations to understand and monitor the effectiveness of their access controls over Workday. Testing segregation of duties (SoD), sensitive access (SA), and conducting security assessments can be challenging and time-consuming if done manually.

The segregation of duties (SoD) and sensitive access (SA) app is an automated solution designed to enable organizations to proactively manage access risks and enable compliance directly within the Workday environment. The app continuously monitors security configurations to identify SoD and sensitive access violations, providing both real-time oversight and preventative “what-if” simulations before provisioning user access.

Organizations can quickly deploy the app using PwC-curated leading-practice rule sets, and they can customize these rules to align with their specific operating models. The solution features a case management workflow that facilitates efficient triage of findings, real-time review commentary, documentation of changes, and finalization of assessments for closure. These capabilities are supported by executive-level dashboards and reports, as well as advanced search functionality for in-depth analysis of users and security groups. 

Our approach

Our approach streamlines Workday security assessments by quickly finding and addressing conflicts to reduce risks arising from errors or even fraud. By actively seeking out and resolving access issues, we help you better manage your control systems and protect against segregation of duties and sensitive access violations.

Using our proprietary library of SoD/SA rule sets and business abilities mapping to Workday functionality (business processes and domains), we tailor assessments to your specific Workday configuration, automating testing and generating valuable data for decision making. The app helps organizations elevate security posture, improve audit readiness, and cut the ongoing effort of maintaining Workday access controls. This can reduce compliance overhead and effort by up to 75%.

 

Key benefits you can expect:

Efficiency

Conduct testing of SoD/SA controls quickly with less risk of manual errors, reducing your overall cost of compliance and unlocking capacity for Internal Audit and Compliance teams to focus on strategic activities.

Compliance

Addressing SoD/SA controls enables regulatory requirements and industry standards to be met, reducing potential audit findings or deficiencies.

Improved analytics and reporting

Advanced analytics, custom change management reporting, and user-friendly interactive dashboards to easily detect anomalies and enhance transparency for executive-level reporting and insights.

How we can help

Workday controls advisory

In addition to the automated SoD/SA analysis, we can help you remain compliant and stay ahead of risks by:

  • Assessing your Workday controls environment more broadly and providing feedback on whether key risk areas have been appropriately addressed with sufficient controls.
  • Providing feedback on whether your Workday configuration is aligned to leading industry and security standards to mitigate your risk exposure and comply with regulatory requirements, such as the Sarbanes-Oxley Act (SOX).
  • Identifying control automation opportunities to increase efficiencies, reduce manual effort, and improve auditability.

Leading practice rule set

PwC’s SoD/SA Assessment Solution gives you access to leading practice controls and rules to be enforced, monitored and tested. These rules cover all Workday modules, including finance, human capital management and payroll.

We’ll work with you to define the scope of SoD/SA rules to be tested. We’ll also tailor the rule set to fit your needs, taking into account any custom rules you want to test.

Root cause analysis and remediation

The app will inform you of the root cause of each conflict, which may stem from poor Workday configuration, inappropriate role assignments, or lack of business controls to mitigate the risk. Users can easily track and remediate the identified conflicts through the case management functionality.

We can also work with you to create a remediation plan to eliminate the conflicts, including proposed configuration changes or other compensating controls.  

Exclusive app functionalities

The Built on Workday app comes preloaded with a suite of exclusive, preconfigured capabilities:

  • Access simulations: You can now simulate and validate Workday access before it’s granted. This exclusive feature lets you preview and assess user- and group-level permissions in a safe, pre-live environment. This helps reduce exposure, enforce least privilege, and reduce audit findings.  

  • Conflicts case management: A streamlined workflow for managing identified security defects enhances cross-team collaboration. The workflow includes project management tools to track remediation, and it maintains a complete, audit-ready trail for past changes. Clear status indicators for every case give executives an at-a-glance view of remediation progress and associated risk.

  • Cloud-native, tenant-contained: Your Workday data stays entirely within your tenant—it never leaves your environment. We built the app with data governance in mind to protect data privacy and help prevent leakage and exposure of sensitive information. PwC delivers regular app updates with new features and continuous security enhancements.

Bring Workday security at your fingertips

One app. Full visibility. Total control over your security configurations

Related services

Risk Advisory Services Workday

{{filterContent.facetedTitle}}

Contact us

Rolandi Treska

Rolandi Treska

Partner, National Enterprise Technology Risk Solutions Leader and GRC Technology Leader, PwC Canada

Tel: +1 647 834 5025

Email
Aurélie Olives

Aurélie Olives

Partner; National Workday Business Unit Leader, PwC Canada

Tel: +1 905 815 6315

Email
Hide

© 2018 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.