Segregation of Duties Management
Segregation of Duties reporting without the pain
But many organizations struggle to manage SoD processes with complicated spreadsheets and time-consuming manual checks.
World SoD automates the process and enables you to identify violations quickly. It allows you to maintain detailed rules that reflect your company’s SoD policy, then analyze your access model against them, reporting any violations found for further investigation.
It can also help to reduce your risk of fraud and avoid compliance issues by carrying out preventive Segregation of Duties checks before new access rights are granted.
- Reliable SoD controls for much less effort
- Quickly answer auditors' questions and produce the evidence they need
- Quickly detects SoD violations that exist within your system
- Reduce risk with preventive SoD checks before new access rights are granted
Check new access rights for potential SoD conflicts before the new access is granted. The checks apply whether updates are carried out via Action Code security, Function Key security or Report Writer Form security, and take into account all objects assigned to the User/Group.
Mitigations can be applied to prevent false positives being highlighted where users need to be assigned access that contravenes your SoD policy, perhaps due to temporary cover during staff absence. The reason for the mitigation can be documented as evidence for auditors.
A starter set of SoD rules is supplied, which can be quickly adapted to suit your organization’s specific policies.
The SoD framework allows you to define SoD rules that are as simple or complex as you need them to be. Functions can be declared as collections of programs or specific screens and function keys. With AND/OR logic you can specify and report against an almost infinite combination of SoD rule definitions
When used in conjunction with World Config, World SoD takes into account the permissions activated by Multiple Roles assignments when checking for security violations.
Violations can be viewed/reported by user, program or role.