Segregation of duties

Juliette L

Member
Dear all

I have to tackle the SOD issues in my company. I was advised to build a matric with critical processes in the Finance Department, to check which roles were involved in those processes and then check the access rights in JDE. I would like to know first what is the architecture in JDE (what is the difference between a role, a system role, a user, transactions, security levels etc..). Is it possible to obtain from the JDE support team such a report?
Then, does someone have an example of a matrix listing the critical transactions and identifying the conflicts?
I don't know where to start, it's quite overwhelming...

Thanks a lot for your help !
 
Hi Juliette,

The solution is simple, but there is cost attached. There are two real security vendors with plug ins to JDE that you will want to evaluate.

All Out
Qsoftware E1config.

Any installation beyond a trivial one will really require that you buy one of these tools especially considering the time investment you would commit otherwise. The good news is other than the software, you don't have to buy any new hardware.

Malcolm
 
Hi Juliette,

Just to build on that reply from Malcolm, we also offer SoD as a Service. This will involve providing a segregation of duties 'audit' for you. We work through the SoD rules and the desired reports you need to see and then complete the process for you.

Or as the case may be there is software available for you to install and use at will.

If you want more details please let me know.

Many thanks,
 
Hi Juliette,

I can get you a full SoD report within 24 hours. If you are keen please contact me (luke.phillips) at ALLOut. I would do it free of charge in the first instance so you would only need to pay for subsequent audits.
 
Hi,

We had a lot of pressure from auditors so we didn’t bother creating our own matrix - we purchased a matrix of critical processes and SoD rules that ALLOut has created.

We bought the reporting module only (at first) and used it in conjunction with this matrix. Virtually no time or effort involved and auditors are very happy.

I hope this helps.
 
Back
Top