Segregation of Duties (SoD) conflicts occur when a single user has the ability to perform both sides of a transaction, such as creating a new vendor and then issuing payments to that vendor. These situations carry the risk of a person fraudulently creating a dummy vendor tied to their personal bank account and then funneling company payments to that phony vendor.
Identify Segregation of Duties Risk in SAP Custom Code with Fastpath
Custom code in SAP provides incredible flexibility to the platform but also makes it easy to introduce risk by inadvertently granting permissions to roles that constitute an SoD violation.
Traditional SoD assessment tools work well to identify potential SoD conflicts and let users take steps to mitigate or eliminate those conflicts; however, they often lack the ability to analyze the custom code in SAP to identify where additional SoD risks exist, and identifying these risks by manually sifting through lines of code is tedious and error-prone.
Many SAP installations have been around for years, meaning hundreds of lines of code must be reviewed periodically for SoD risk. Without access to the original developers of this custom code or a good source code repository, it can be very challenging if not impossible to truly understand all the impacts the code has on your SoD risks.
The Fastpath Custom Code Checker works with Fastpath’s SoD and User Access modules to analyze custom code in SAP and identify potential conflicts down to the most securable object. This way, when evaluating users for Segregation of Duties, you will be looking at all the relevant objects, including custom objects and not just standard SAP code.
Businesses running SAP often run other business systems as well, such as accounting, ERP, CRM, or HCM systems, or analytics systems, such as Zendesk or Workiva. For those businesses, the Fastpath Custom Code Checker can identify conflicts and evaluate where these custom codes need to sit in your GRC ruleset within minutes.
Rather than look at each system in isolation, the Fastpath Assure platform works across your business applications to identify and reconcile your SoD risks. Fastpath comes with out-of-the-box integrations to many business applications for cross-platform analysis, and the Fastpath Universal Product Integration tool makes it easy to build integrations to systems not supported natively.
Fastpath Assure also offers the following products for SAP users:
- Identity Manager (Who?) – Request application access with the security of an approval process without the need for IT intervention. Identity Manager streamlines user setup while adding approvals and audit trails into the process.
- Segregation of Duties / Access Reviews (What?) – The Fastpath Assure SoD module identifies access in ERP and other business software by user or role and reports conflicts or risks associated with that access. Promotions, department changes, mergers, and temporary access needs can all result in access changes for your users. Problems occur when old access or temporary access is not disabled after these changes. The Fastpath Assure Access Review module allows you to quickly analyze who has access to critical data at a granular level, reducing the resources and time needed to conduct these reviews every time.
- Audit Trail (Where?) – The Fastpath Assure Audit Trail module tracks user activity, noting critical changes to data and configuration settings, including when each change was made, by whom, and the before and after values.
If you're interested in seeing this tool in action, watch this brief on-demand session of Fastpath’s custom code checker for SAP.