2014 Oct 28 2:24 AM
Hi GRC experts,
I am working in a Public Sector project using Funds Management (PSM-FM) and we need to implement the SOD matrix and rules for this module.
As per my understanding, SAP does not provide any SOD rules for PSM-FM and they need to be created manually.
Has anyone come accross this same requirement and has inputs/advices to share? Any information about identified actions/functions/risks for PSM-FM are very welcome.
Thanks for your help!
2014 Nov 07 3:46 PM
Hello Olfa, finally did you get something?. Im in the middle of a project with same situation. I presume I will have to do it manually.
Regards
Jaime
2014 Nov 07 4:19 PM
Hi,
SAP doesn't provide SOD rules for all modules. But you can build them on your own depending on your business requirements.
SoD Implementation Process:
For implementing SoD Controls across an enterprise, we need to do a heavy exercise. Therefore implementation SoD is done in form of a project. The implementation can be done by outlining the following steps as described below:
•
Identify what is the objective of organization, hierarchy and nature of Organization, and job profiles in the organization, by doing an Organization scan.
•
Identify the processes that are being followed in organization.
•
Identify the current state of roles/responsibilities and authorization in the enterprise.
•
Create the Role Matrix. Mark roles on one axis of Matrix and functions on other axis. Identify will there be any SoD conflict if role access to particular function is given to a single individual. Yes or No, flag the position in matrix accordingly, clearly.
•
After analyzing the SoD conflict from role matrix, discuss with management and make the required changes in order to resolve SoD conflicts.
•
In role matrix at position where SoD Conflicts cannot be resolved, design the mitigating controls.
•
According to findings in role matrix, generate the roles and mitigating controls within the enterprise system.
•
Create a document that will well-define the changes required in a simple and organized manner.
•
Document various roles, processes and mitigating controls for auditing and reporting.
•
Inform and report the changes required to management and as well as to those affected, to make sure changes are implemented in well organized and smooth manner.
SoD is critical in helping managing risks. SoD issues and controls come up frequently when there are audits and reviews. SoD controls can be use as step to measure and resolve the risks associated with the different roles and access to functions. To resolve the conflicts, we can design roles as per the business needs of various function/processes being executed in an enterprise.
Regards,
Madhu.
2014 Nov 07 4:26 PM
2014 Nov 19 9:01 AM
Hi Jaime,
I did not get anything and I am currently building a simplified matrix.
Will share with you once I am done 🙂
Olfa
2014 Nov 19 1:42 PM
Thank you Olfa, here also working on it. When Im done also could share.
Regards
Jaime