Article

Roadmap to Segregation of Duty Compliance with Dynamics AX, Part I: Goals and Objectives

by Corey Bakhtiary
Senior Consultant, Arbela Technologies,

As Microsoft Dynamics AX capabilities expand, so too does the need to efficiently manage its security and the risks associated with its information and access.

Segregation of duties (SoD) is a powerful approach for minimizing risk and improper access to information. In addition to reducing auditing cost, implementing a robust SoD prevents individuals from completing a business process or sub-process on their own; without checks and approval steps, an organization exposes itself to the risk of an individual committing fraud.  The classic example is that the same person should not both create a vendor and process payments for that vendor.

SoD is a powerful approach, however Dynamics AX is not inherently powerful in enforcing it against specific functional capabilitis (e.g., menu access level). In addition, while Dynamics AX  2012 and the New Dynamics AX contain limited SoD capabilities, there are no out of the box rules.. Lack of out-of-the-box rules and SoD capability at the menu level make security management in Dynamics AX difficult -- leaving a feeling that the doors and windows are wide open.

So, a company concerned about meeting auditing requirements must implement its own methodology to manage SoD risks. This can be a daunting task without the right methodologies and tools; but very do-able with a methodology and tools in place.

The best approach to improving SoD should be an iterative, agile one. Rather than try to "eat the elephant all at once," a more successful approach is with clear business goals and a phased strategy. The idea is that you iterate to success through a series of well-defined deliverables that take you to the end goal.

Start with goals and objectives

FREE Membership Required to View Full Content:

Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

Get full access

Auditing Dynamics AX Regulatory Compliance SOX Sarbanes-Oxley Sarbox
About Corey Bakhtiary

Corey Bakhtiary is a Senior Consultant at Arbela Technologies Corp. with expertise in application security, Sarbanes-Oxley and audit compliance. Arbela Technologies Corp. is a Microsoft Gold Partner for ERP and a Microsoft Silver Partner for both Dynamics CRM and Azure. Arbela further offers the Arbela Security Manager (ASM) solution which addresses security and auditing for Dynamics AX.

More about Corey Bakhtiary