Hi Arun,

Segregations of Duties (SoD) are a primary internal control intended to prevent or decrease the risk of errors or irregularities, identify problems, and ensure corrective action is taken. This is achieved by assuring no single individual has control over all phases of a business transaction.

There are four general categories of duties:

>Authorization

>Custody

>Reconciliation

>Record keeping

In an ideal system, different employees perform each of these four major functions. In other words, no one employee has control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties, most significantly when dealing with cash, negotiable checks, and inventories. In certain business areas SoDs are highly important. For example, this is the case in businesses where there is cash handling, as cash is a highly liquid asset, which means it is easy to take money and spend it without leaving a trail of where it went. Any department that accepts funds, has access to accounting records, or has control over any type of asset should be concerned with implementing SoDs. Some examples of incompatible duties are:

•Authorizing a transaction; receiving and maintaining custody of the asset that resulted from the transaction

•Receiving checks for payment on account; approving write offs‐

•Depositing cash; reconciling bank statements

•Approving time cards; having custody of pay checks.

SoDs can be challenging to achieve in a small operation, as it is not always possible to have enough staff to properly segregate duties. In those cases, management may need to take a more active role to achieve separation of duties by checking the work done by others, or by using other mitigating controls to minimize risks.

Risk Analysis and Remediation automates SoD-related activities. Using the application, you can:

•Define and monitor SoD conflicts

•Proactively address SoD conflict

•Define and audit mitigating controls.

I hope this information helps.

Regards,

Yukti

Hi Arun,

I have found few guides related to this. Please refer the below mentioned links :-

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f02855c9-2091-2a10-8682-af41abe08...

http://www.securityweaver.com/pdf/DataSheet_SeparationsEnforcer.pdf

http://www.sapebooks.com/cms/doc/SEBKXXXX__Complex_Concept.pdf

I hope this helps.

Regards,

Yukti

Hi Arunachalam,

Please find the below link where details related to FI module is given:

http://scn.sap.com/thread/623809

I hope this can help you out.

Regards,

Akhil Chopra

Hi Arunachalam,

You can download the CC rule file from the Service Market Place.

You will find different files here, like Risk file, Risk Description file, Function_Action file etc for different areas.

When you open the Risk Description file you can see some FI related Risk starting with 'FI'.

This is the standard risk delivered by SAP.You can find all the details in this.

Hope this answers your query.

Regards,

Shaily

HI Arun,

You can find and download the standard rule set for Java (Netweaver) go to:

Support Packages and Patches > Browse our Download Catalog >SAP Solutions for Governance, Risk and Compliance > SAP GRC Access Control > SAP ACCESS CONTROL >
SAP GRC ACCESS CONTROL 5.3 > SAP GRC ACCESS CONTROL 5.3 TXT > OS independent > and download the CC5.3_Messages.txt

You may check the link to know more about SOD matrix :

http://www.ownersguidepdf.com/download-manual-ebook/sod-matrix-sap-fico-pdf.pdf

Hope this helps!

Best Regards,

Shreya Gupta

Hey Arun,

You may check the follwing thread as well for your reference:-

http://scn.sap.com/thread/737045

BR,

Yukti

Hi Arunachalam,

Please follow the thread below, it may help in answering the query:

http://scn.sap.com/thread/793717

Regards,

Akhil Chopra