Can anybody explain (short n simple) about SOX & SoDs with 3
examples for each functional module? n ur experience on SoDs.
Answers were Sorted based on User's Feedback
Answer / parixit
SoX is serbian & Oxley, it is an ACT in US, this ACT should
be liable for buisness.
SoD is Segeration of Duties, Division of power in different
position. it gives power as per the designation.
Is This Answer Correct ? | 5 Yes | 1 No |
Answer / sakthi
SOD stands for Segregation of duties.
It helps us to identify frauds and Misstatements.
For example in virsa tool we have critical SOD conflict S017
for SD module where it identifies and checks for user who
could Perform credit approval function and modify cash
received for fraudulent purposes.
SOD conflict F017 for FICO module where it checks for users
who could Maintain a non bona-fide bank account and divert
incoming payments to it.
SOD conflict P001 for PP module where it checks for users
who could Maintain a fictitious vendor and enter a Vendor
invoice for automatic payment
As far my experience concerned we need to avoid critical SOD
conflicts as much as possible and these SOD conflicts are
the ones which the auditor checks and they ask for the
mitigation control that we have outside like trace.
Is This Answer Correct ? | 3 Yes | 0 No |
what difference of the autherisations on change and expert
Can any one tell me briefly , what is the roles and responsibilities of SAP BASIS Security Administrator..
what is difference between se16 and sm31?
Mention which t-codes are used to see the summary of the authorization object and profile details?
what is workprocess thresholdtime?
Explain network topology in sap systems?
i haven taken training on sap basis... right now i m looking for job .what we are doing in trace (st01)explain in detailed.
what is parameter id and what is user group in su01 ?
How can we update the unique E-mail IDs for 1000 users at a time?
How to update risk id in rule set?
could anyone tell me how we can copy the mass roles from sap_all profiles???????
How many maximum profiles we can assign to one user?