Can anybody explain (short n simple) about SOX & SoDs with 3 examples for

Can anybody explain (short n simple) about SOX & SoDs with 3
examples for each functional module? n ur experience on SoDs.

Question Posted / prasad

2 Answers
11651 Views
IBM, I also Faced
E-Mail Answers

Answers were Sorted based on User's Feedback

Can anybody explain (short n simple) about SOX & SoDs with 3 examples for each functional modu..

Answer / parixit

SoX is serbian & Oxley, it is an ACT in US, this ACT should
be liable for buisness.

SoD is Segeration of Duties, Division of power in different
position. it gives power as per the designation.

Is This Answer Correct ?

5 Yes

1 No

Can anybody explain (short n simple) about SOX & SoDs with 3 examples for each functional modu..

Answer / sakthi

SOD stands for Segregation of duties.

It helps us to identify frauds and Misstatements.

For example in virsa tool we have critical SOD conflict S017
for SD module where it identifies and checks for user who
could Perform credit approval function and modify cash
received for fraudulent purposes.

SOD conflict F017 for FICO module where it checks for users
who could Maintain a non bona-fide bank account and divert
incoming payments to it.

SOD conflict P001 for PP module where it checks for users
who could Maintain a fictitious vendor and enter a Vendor
invoice for automatic payment

As far my experience concerned we need to avoid critical SOD
conflicts as much as possible and these SOD conflicts are
the ones which the auditor checks and they ask for the
mitigation control that we have outside like trace.

Is This Answer Correct ?

3 Yes

0 No

Post New Answer

More SAP Security Interview Questions

hi , can any one say what is the exact use of SNC TAB IN SU01,IF IT IS EXTERNAL SECURITY PURPOSE ,WHAT KIND OF SECURITY PURPOSE?

2 Answers

What authorization is required to create and maintain user master records?

0 Answers

What are st01 t-codes used for?

0 Answers

Hi This is Prakash . Can any one tell me what is the use of SU24 and SU25 transaction code exactly

8 Answers Accenture,

1).what is the diff b/w adding the tcode in s_tcode authorization object and addind the tcode inmenu tab of pfcg? 4) What is the difference between Owner, Controller and Administrator in Firefighter? 2) Can you tell me why do you use S_TABU_DIS authorization object? 3) Explain How do you restrict a particular table acces then? 5)In RAR ,What are the default Back ground Jobs? 6)Which job will update all user master records? 7)What will happen whenever we execute a t-code? 8)What is the purpose of the report RSUSR006? 9) Lets say a user is locked by admin? What value will you see in USR02 table and in UFLAG column? 10) What will you do if the user complains that he is not able to access a t-code? 11)why we have to delete users ? 12)a. What is Direct role assignment and indirect role assignment? b. What is the process of adding a t-code to an existing role? c. If client asked you to modify a role directly in PRODUCTION for emergency? Is it possible? What you will do in that situation? d. What is the purpose of customized Transaction codes? Have you created any custom t-codes? 13)

3 Answers IBM,

What authorization are required to create and maintain user master records?

0 Answers

Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.

0 Answers

i want to know how to list out the mass activities and mass organizational levels...

1 Answers

What's the use of Detour path? How Fork path differs from Detour path

1 Answers

How to assign any program to user?

0 Answers Cap Gemini,

What appears as the last sentence in sap note 587410?

0 Answers

How to create a simple or single role.?

2 Answers

For more SAP Security Interview Questions Click Here