Keep your Segregation of Duties in Good Shape
It’s not exactly hot news that Segregation of Duties (SoD) is the most effective way to prevent internal fraud on your ERP system.
Section 404 of Sarbanes-Oxley requires companies to document the existence and enforcement of appropriate Segregation of Duties controls with regards to IT. Auditors also recommend SoD – even for organizations who are not subject to SOX compliance.
So why don’t all businesses just do it?
The problem is that implementing and enforcing SoD in ERP systems has proven to be very challenging.
Purpose-built third-party solutions are often very expensive, and difficult to implement and manage, so many companies divert precious internal technical resources towards Segregation of Duties reporting, using spreadsheets and SQL scripts.
But due to the complexities of ERP security, it’s a very complicated and time-consuming process – and it’s often unreliable, failing to uncover risky access rights. And the amount of effort involved makes it unfeasible to repeat the reporting cycle frequently enough to identify and prevent security “creep.”
As a result, many businesses do what they can and keep their fingers crossed! Let’s face it, you can’t fix the issues if you don’t have a fail-safe way of finding them…
But is that really good enough when statistics suggest there’s a 1-in-3 chance that your business will experience fraud this year?
Segregation of Duties Reporting on Demand
What if there was a quick, easy and very affordable way to regularly report on your Segregation of Duties violations?
- It would give you the information that you need to fix SoD issues promptly.
- Where access rights have changed, it would help you to identify security creep that introduces fraud risks, so that you can close them down earlier
- Identifying and remediating SoD violations more frequently enables you to keep your controls in much better shape, reducing the amount of effort needed to prepare for your external audits.
- It would reduce the stress of external audits and allow you to approach them much more confidently, knowing that you’ve identified and remediated the risks and can produce evidence of compliance.
QCloud Audit as a Service gives you an efficient means of analyzing your SoD controls as often as you like. It delivers results within hours, with no demand on your technical team.
Do you need to find an easy yet reliable way to stay ahead of fraudsters and auditors? Find out more about QCloud Audit as A Service.