The Fastpath Assure® Suite includes a module for Segregation of Duties (SoD). The SoD module analyzes access in your business software, by user or role, down to the lowest security level, and reports conflicts or risks associated with the access.
Segregation of duties is the practice of separating the access needed to perform a business process between multiple users in order to limit the risk of fraud, error, and misstatement. For example, take the process of paying vendors. You don’t want to give one person the capability of both creating and paying a vendor because you run the risk of the user creating and paying themselves as a vendor.
Developed in conjunction with internal and external auditors, Fastpath Assure is delivered with built-in audit intelligence to enable users to efficiently and effectively analyze their Microsoft Dynamics, Oracle, SAP, Intacct, NetSuite and other applications for potential segregation of duties conflicts. With Fastpath Assure, users can propose, approve, and implement resolutions and mitigations within the system throughout the audit process.
Businesses may understand the need for segregation of duties (SoD), but recognizing SoD conflicts in their system can be another story. This may result from an incomplete list of conflicts, an inability to easily pull access data, or an excessively complicated access model with dozens, hundreds, or even thousands of users and access points to review. Any of these issues can make SoD reviews inefficient, if not impossible.
The SoD module in Fastpath Assure comes with a conflict rule set designed by internal and external auditors and mapped to the specific business software used. The module can use the rule set to automatically review the user access and roles in your system for conflicts and present them in an easy-to-read, comprehensive report.
No matter the size of your business, conflicts will exist in your system. Smaller businesses may not have enough staff to sufficiently segregate duties. Larger businesses may have so many users that overlapping access and role capabilities occur. In addition to increasing risk, conflicts create compliance problems. So, what do you do with the conflicts you cannot remove from your system? You mitigate them.
The Fastpath Assure SoD module helps in two ways: it allows mitigations to be recorded, and it provides audit reports for those mitigations. While the module does not actively mitigate the conflict, it allows all mitigations to be reported in one place. When the auditor finds the conflicts, they are also given the mitigation in use, simplifying the audit process and providing accountability in your business.
You’ve gone through your entire system, cleaned up your critical conflicts and
With Fastpath Assure, the SoD module allows real-time review of roles and users to identify when an issue occurs. The module includes the ability to create reports and schedule them to be run regularly, so conflicts can be recognized and mitigated early and often.
A primary concern for auditors is for organizations to have control of their financial system. When auditors check your system for SoD, they are looking to identify conflicts, review the associated mitigating or compensating controls, and analyze which user signed off on those mitigations. Prepping all of this information for your auditors can be extremely time-consuming and costly.
What if you could have this information prepped for you? With Fastpath Assure, the SoD module can continually track your system for SoD conflicts, mitigations can be logged, and reports can be scheduled for regular review. The reports can be sent out in multiple formats and sign-offs can be recorded for auditor review later. With these abilities, much of your audit prep can be completely automated.
See how Hamamatsu Corp, a global, publicly traded company, uses Fastpath Assure to simplify their audits and segregation of duties analysis.
Sarbanes-Oxley regulations are complex, but there are ways to simplify them. In this short E-book, Norman Marks focuses on simplifying your controls and other considerations when choosing your GRC software.
GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. Read their report on Fastpath Assure®, the security and compliance platform which won their "Innovation in User Experience for Automated Controls" Award in 2017!
Building roles and implementing strong security in D365FO can be a daunting task, so we created a tool to assist in designing security roles for Dynamics 365 for Finance and Operations.
Whether you know the importance of access controls or not, implementing and maintaining them can still be a difficult part of your SAP security plan. The audit and security expert, Keith Goldschmidt, goes over what access controls are, how SAP handles them, how you should implement and maintain them, and even suggests some tools to make the process easier on you.