How to achieve successful Segregation of Duties (SOD) validation with minimal cost & effort for your company
For all organizations seeking adequate governance (whether related to
a SOX certification or not), a proper Segregation of Duties (SOD)
validation is critical. To protect the integrity of companies’ data
& transactions and to prevent fraud, the SOD validation requires
reviewing individuals’ access authorizations on a regular basis. For
organizations with hundreds/thousands of employees and various
corporate applications, this task is time-consuming and requires
significant resources. In most cases, it simply cannot be done
manually. To address this need, EZ-Compliance provides an automated
SOD scan. Not only does it report precisely who is able to access
what across diverse applications, it also uses dynamic SOD Conflicts
Rules to automatically identify SOD conflicts, all within only
minutes. Finally, the combination of what-if simulation capabilities
and the fact that the scan can be performed/scheduled on a daily
basis enables your company to implement true "Preventive SOD
Controls".
1- The dynamic SOD Scan engine:
Within minutes only, the EZ-Compliance SOD rule-based engine will:
- Determine all employee accesses across diverse
  applications (Baan, Mapics, Oracle, SAP, etc.):
  - Which employees can access a selected application?
  - Which applications can be accessed by a selected employee?
  - Which applications and employees are linked to a
    selected user-role?
- Scan the entire employee/applications access structure
  to dynamically identify all Segregation of Duties (SOD)
  conflicts
- Send notifications to the appropriate process owner or
  department head to resolve identified conflicts
- Perform the required conflict resolution and/or
  mitigation to satisfy auditors' requirements
2- SOD Rules Library of Baan conflicting sessions:
Corporations using the Baan applications (all versions) can
benefit from the pre-defined Baan conflicting sessions
library. Acting as a valuable knowledge base (used by other
Baan users to pass SOX certification successfully), this
library includes more than 450 Baan sessions and how they
create SOD conflicts. Within minutes of being loaded, this
library can be used by the SOD engine to scan your current
Baan authorizations and report back all conflicts found.
With little effort, you will know exactly which employee
accesses are to be resolved, documented or mitigated. And
since the scan process requires only minutes, you can launch
it as often as needed or schedule it as a daily business
control, keeping your SOD validation always
accurate no matter how frequently changes are made to the
Employees -> Roles -> Applications structure.
Customer testimonial:
“For our first round, we came up with homemade scripts, tables and
spreadsheets along with countless hours of manual analysis. Not only was
this a tedious task, the results of our analysis were good
only as long as the Employee-Roles-Process-Applications
relationships were not modified. Needless to say, when our
SOD validation was completed, it was time to start it over
again…”

“We have since then implemented the EZ-Compliance
rules-driven SOD conflicts identification engine. In a
matter of minutes we are able to scan thousands of users,
roles, processes and applications! Not only do we know
precisely who is able to access what, we have direct
visibility of any SOD conflicts for us to investigate,
resolve and mitigate. In addition to saving us considerable
effort, the EZ-Compliance solution will enhance the accuracy
of our conflicts identification, critical to maintain our
SOX certification for years to come.”

Director Finance Shared Services, Herman Miller
You wish to learn more ...

"I missed the SSAU 2006 sessions about SOD validation"
Simply visit the BWU/SSAU section at
http://www.ez-process.net/EZ-ProcessCD to view/download all
presentation materials.

"I wish to read about the Herman Miller Customer Case Study."
Visit http://www.ez-process.net/EZ-ProcessCD (EZ-Compliance section
- link #1)

"I wish to have a personalized demo of the SOD Conflicts Scan"
Only 30 minutes of your time are required to perform "live" (1) the
Access Scan (what sessions/applications my users are able to access),
(2) the Conflicts Scan (what SOD conflicts exist if they have such
accesses) and (3) the Resolution Scan (to mitigate known
conflicts). Simply indicate the date/time convenient to your agenda
and we will take care of the web-demo invitation and telephone
bridge setup.

"I wish to see my own SOD conflicts"
At no cost, DynaFlow will scan your Baan users-sessions authorizations
and provide you with a list of SOD conflicts identified by the
EZ-Compliance scan. Try it today!