What is SAP Authorization Review and Segregation of Duties (SoD)?
Authorization in SAP system is a complex area and requires detailed understanding of both SAP authorization concepts (such as authorization objects, authorizations, profiles, roles, and user master records) and business processes (such as financial accounting, procurement, and sales).The purpose of authorizations review is to ensure that user access is based on their responsibilities and that users are not assigned any additional access.
Segregation of Duties (SoD), on the other hand, ensures that no one individual has complete control over a major phase of a process and is typically enforced through a combination of authorizations and compensating controls.
Objective of this assessment
Approach & Methodology
softScheck’s SAP Authorizations Review and Redesign Methodology is based on softScheck’s extensive experience in the area of SAP authorization review and redesign. This is a comprehensive methodology and consists of the following three components.
The SAP authorization and SoD review utilize the first two components of the methodology, while the third component is utilized for redesign engagement.
The methodology is based on a risk-based approach, which goes beyond the symptoms to identify ‘root causes. This results in the following benefits: