Automating PeopleSoft Segregation of Duties: HCM and Financials


SmartERP webinar presentation covering automating Segregation of Duties for PeopleSoft HCM and Financials applications.

Published in: Business, Technology

  1. Automating PeopleSoft Segregation of Duties: HCM and Financials
     PRESENTER: Kirk Chan, Smart ERP Solutions, Inc.
     NOTE: phones/mics are muted. Please submit any questions using the GoToMeeting QUESTION feature
  2. Smart ERP Solutions
  4. Segregation of Duties
     Segregation of duties (SoD), or separation of duties, is the concept of having more than one person required to complete a task. To help prevent fraud and error, no one individual should:
     • Initiate a transaction
     • Approve a transaction
     • Record a transaction
     • Reconcile balances
     • Handle assets
  5. What is Segregation of Duties / Examples of Segregation of Duties
     • No single individual should have control over two or more phases of a transaction or operation…
     • No one individual employee can complete a significant business transaction in its entirety…
     • Those responsible for physical receipt of goods should not be responsible for paying for the goods.
     • Those responsible for custody of goods should not be responsible for maintaining the records of the assets.
     • Those responsible for collection of receivables should not be responsible for entries in the book of accounts.
  6. What Duties Should be Segregated?
     Purchase an Item: PO Initiator, PO Approver, PO Receiver
     • Financial Duties
       – Requisition Initiator
       – Requisition Approver
       – P.O. Initiator
       – P.O. Approver
  7. Workflow/HR Duties
  8. Key Functionality for Automating SoD
     • Configurable Data Security: You can employ fine-grained row level security via easy to use configuration options, to secure by any field, in any application in PeopleSoft.
     • Flexible Segregation of Duties: Create policies for multiple SoD models and structure simple or complex SoD rules. You can apply different models to reflect the different needs of each part of your business.
     • Mitigation: Mitigation allows you to cater to temporary or long-term situations where certain users may be authorized to “violate” your Segregation of Duties policy. This enables you to document such situations in preparation for your audit. You can then exclude mitigated users from your reports to avoid wasted effort during the audit.
     • Detective Mode: Report of SoD violations at the Component, Permissions List and Role Level.
     • Preventative Mode: Enforce SoD by validating security before user access.
     • Cater to seasonality: Specify “from” and “to” dates to allow temporary seasonal variations to your normal business control requirements. This approach creates a very strong Return on Investment during the results analysis phase by allowing simplified or highly granular approach to SoD analysis.
     • Context based security: Allows different security attributes for specific pages. For example, you can allow a user to only view his own department on an expense reimbursement, while allowing him to access all departments when entering a journal.
  9. Benefits of Automation with Effective SoD
     • Allows you to build robust, proactive, manageable controls into your live system
     • Prevents SoD violations
     • Greatly reduces the time needed to manage SoD controls and achieve SOX compliance
     • Reduces the workload needed to prepare for your audits and clean up afterwards
     • Provides the evidence of controls that auditors demand, reducing the time taken to complete the audit
     • Affordable by organizations of all sizes
  10. Top 10 Financials SoD Rules
     • Creating a journal entry and opening a closed accounting period
     • Maintaining accounts receivable master data and posting receipts
     • Depositing cash and reconciling bank statements
     • Completing goods transfer and adjusting physical inventory counts
     • Approving time cards and distributing pay checks
     • Preparing an order and changing a billing document
     • Changing an order and creating a delivery
     • Creating a journal entry and opening a closed accounting period
     • Creating general ledger accounts and posting journal entries
     • Maintaining bank account information and posting payments
     • Maintaining assets and creating a goods receipt
  11. Top HCM SoD rules
  12. A key element in the compliance lifecycle
     Diagram labels: Analysis Security Management Segregation of Duties Compliance Reporting Auditing Internal Controls
  13. Effective Automated Segregation of Duties
     Diagram labels: SoD Proactive SoD Reactive SoD Mitigation
  14. Characteristics/Benefits of Effective SoD
     • Built-in model enables SoD enforcement
       – Violations checked BEFORE go-live
       – Your decision to enforce rules or allow violations
     • Saves time (= money)
       – Easy set-up
       – Easy testing for violations
       – Quick and easy reporting
       – Reduces number of compensating controls required
       – Reduces auditing effort / costs
     • Reduces risk
       – Enforcing and reporting SoD violations reduces opportunity for fraud
  15. SoD – The Issues
     • Nothing in PeopleSoft
       – Any release
     • Do you use a spreadsheet?
     • How do you…
       – Ensure the actual access control mirrors the spreadsheet?
       – Ensure the right people access the right data?
       – Manage change control problems?
       – Assess impact of changes?
       – Manage enforcement of SoD?
  16. Proactive SoD
     Aim: Prevent SoD Violations occurring during security Assignment. Ensure Security Policy is enforced long term.
  17. SoD Dashboards
  18. ‘Proactive’ SoD
     Change Role assignment Or Security without affecting live security
     Diagram (Build Security → SoD Violations Check), outcomes shown: OK, Violations
     • A/P “Super” Voucher Clerk Role: 1. AP Voucher clerk, 2. Secondary role 2, 3. Secondary role 3
     • A/P “Super” Voucher Clerk Role: 1. AP Voucher clerk, 2. Secondary role 2, 3. Secondary role 6
     Extract from pre-populated model (columns: From this task / Segregate this task):
     • Bank Payments / Invoice entry (A/P)
     • Credit Notes / Vendor Master
     • Purchase Order / Vendor Master
     • Invoice entry (A/P) / Purchase Order
     • Vendor Master / Purchase Order
     • Invoicing (A/R) / Credit Notes
     • Credit limits / Sales Order Entry
     • Sales Order Entry / Customer Master
     • Goods Receipt / Purchase Order
     • Sales Order Entry / Sales Pricing
     • Bank Payments / Vendor Master
     • Purchase Order / Sales Order Entry
  19. Proactive SoD: User Profiles
  20. Reactive SoD
     Aim: Accurately assess existing security for remediation. Reduce Audit time and cost. Build case for restructuring security.
  21. ‘Reactive’ SoD
     Reporting directly on existing security to identify any Current SoD violations
     • Components (In-depth Audit)
     • Permission List (Process)
     • Roles (High-Level)
  22. Creation of PeopleSoft SoD Rules
     • Role level
       – Create matrix of all active system roles
       – Identify all roles that should not be linked to the same user
         • Such as HR representative and Payroll Admin
     • Permission List / Business Process level
       – Include Application security & processing options
       – Add to / modify as needed
     • Component / Program level
       – Add in any custom or modified processing
       – If creating your own rules
         • Start with most important controls & gradually add to them
  23. Mitigation – The Issues
     • Current Economic Climate
       – Many redundancies equate to fewer people doing more.
       – Major requirement from Audit to allow remediation where a user is considered a risk.
       – SOX requires that during an audit all risks must at least be visible and understood by the business.
       – With this comes risk assessment and documentation.
     • Seasonal Changes
       – Staff holidays or time away from office require that other users be able to perform these additional duties.
  24. Mitigation Solutions
     • Ability to mitigate users once a validation has occurred.
     • Details of mitigation, including notes get added to a mitigation table.
     • The user gets checked during the next validation but is not added to the violations table.
     • Ability to time out mitigations, i.e. allowing for staff who are on holiday, etc.
  25. Mitigation
  26. PeopleSoft SoD Dashboards
  27. PeopleSoft SoD Dashboards
  28. PeopleSoft SoD Dashboards
  29. Understanding PeopleSoft Security
     • The user’s security profile is made up of the assigned roles, the permission lists assigned to that role and permission lists assigned directly to the user.
  30. Smart SoD Process
  31. Demo: Smart SoD™
     • Financials demo
     • HCM demo
  32. Summary
  33. Value Statement
     Security and Segregation of Duties is an important element of your overall PeopleSoft security and risk management.
     Key Features of an automated solution can help you maintain legislative compliance (SoX), meet audit requirements and reduce the likelihood and impacts of fraud and errors.
     • Expressly designed for your current PeopleSoft
     • Powerful Proactive, Reactive and Mitigation Features
     • Automated Workflow Approvals
     • Reporting/Dashboards facilitate audits and compliance
     • Use pre-packaged built-in security and SoD rules or easily create your own
     • Add-on Architecture Lowers Total Cost of Ownership
       – Seamless Integration
       – Utilize Best Practices
       – Maintenance and Upgrades
  34. Questions?
     Submit your question using the GoToMeeting QUESTION feature (any remaining questions will be addressed via email after the broadcast)
  35. Thank You
     Visit for information or contact us at
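
The reactive check from slides 21 to 24 and the security profile from slide 29, as an added example that is not part of the original presentation or of the Smart SoD product: it builds each user's effective permission lists (role-granted plus directly assigned), tests them against two of the slide 10 rules, and keeps users with an in-date mitigation out of the violations list. All user, role and permission-list names and dates are constructed for illustration.

```python
from datetime import date

# Constructed sample data; every role and permission-list name is hypothetical.
ROLE_PERMISSION_LISTS = {
    "GL_ACCOUNT_ADMIN": {"PL_CREATE_GL_ACCOUNT"},
    "GL_JOURNAL_CLERK": {"PL_POST_JOURNAL"},
    "CASHIER": {"PL_DEPOSIT_CASH"},
    "TREASURY_ANALYST": {"PL_RECONCILE_BANK"},
}
USERS = {
    "ALICE": {"roles": {"GL_ACCOUNT_ADMIN", "GL_JOURNAL_CLERK"}, "direct": set()},
    "BOB": {"roles": {"CASHIER"}, "direct": {"PL_RECONCILE_BANK"}},
    "CAROL": {"roles": {"CASHIER", "TREASURY_ANALYST"}, "direct": set()},
    "DAVE": {"roles": {"GL_JOURNAL_CLERK"}, "direct": set()},
}
# Two financial rules from slide 10, expressed as conflicting permission-list pairs.
SOD_RULES = {
    "GL accounts vs. journal posting": ("PL_CREATE_GL_ACCOUNT", "PL_POST_JOURNAL"),
    "Cash deposit vs. bank reconciliation": ("PL_DEPOSIT_CASH", "PL_RECONCILE_BANK"),
}
# Mitigation table: (user, rule) -> from/to dates plus the note kept for the audit.
MITIGATIONS = {
    ("CAROL", "Cash deposit vs. bank reconciliation"):
        {"from": date(2024, 7, 1), "to": date(2024, 7, 31), "note": "Holiday cover"},
}

def effective_permission_lists(user):
    """Permission lists granted through roles plus those assigned directly."""
    profile = USERS[user]
    granted = set(profile["direct"])
    for role in profile["roles"]:
        granted |= ROLE_PERMISSION_LISTS.get(role, set())
    return granted

def validate(as_of):
    """Return (violations, mitigated) as lists of (user, rule) for the given date."""
    violations, mitigated = [], []
    for user in sorted(USERS):
        granted = effective_permission_lists(user)
        for rule, (left, right) in SOD_RULES.items():
            if left in granted and right in granted:
                m = MITIGATIONS.get((user, rule))
                # A mitigation only counts inside its from/to window (the time-out).
                active = m is not None and m["from"] <= as_of <= m["to"]
                (mitigated if active else violations).append((user, rule))
    return violations, mitigated
```

BOB's conflict only appears because directly assigned permission lists are included in the profile; a role-level matrix alone would miss it.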