Critical permissions check
Are you worried about the abuse by combining critical permission in your company? Do you want to control all purchases and investments? Do you apply the Segregation of Duties principle?
We have prepared a “Critical Permission Check” solution for you to find out in time any inconsistencies or unwanted concurrence of allocated permissions.
Principles of Critical permissions check
In SAP ERP standard is prepared a report that allows the control of allocated permissions. In order to run this report, it is necessary to fill it with the necessary data (critical combinations and critical permissions) and set it to be in accordance with the subject’s requirements. With years of experience in this field, we are able to set up the data of critical permissions based on the requirements of the accountant auditors and the organization’s specific needs.
The basic prerequisite for critical permissions check is that the organization of work responsibilities allows the possibility separation of activities which are from the economic and security point of view mutually contradictory (e.g. buyers who issue an order do not have the permission to receive goods at the same time). This means the consistent application of the Segregation of Duties principle.
The obtained data is filled into variants of critical permissions, where each variant contains a set of critical permissions consisting of the permission objects and their values.
After filling the data, it is regularly possible to run and check the report. For each report mismatch, the report lists the users that have an undesirable concurrency of permissions.
Benefits of Critical Permission Checks solution
- Set up data (critical combinations and critical permissions) based on the organization´s needs
- Controls in accordance with the requirements of the auditors
- Controls in accordance with the organization security requirements
- Elimination of risks related to the misuse of critical permission combinations