Article

Roadmap to Segregation of Duty Compliance with Dynamics AX, Part II: Implementation and Deployment

by Corey Bakhtiary
Senior Consultant, Arbela Technologies,

In Part I of this article, we explored an iterative, agile approach to Segregation of Duty (SoD) compliance, beginning with goals and objectives. Now comes time to design a methodology, complete with roles-based SoD rules unique to your company, and to implement that methodology. If done well, this methodology ensures SoD compliance now and years from now, as segregation of duty becomes standard operating procedure (SOP).

Implementation methodology: Identify the Current State

This is an unflinching look at your existing operations, using an auditor's mindset. You are scouting out noncompliance and risks, not playing detective and looking for offenders.

  1. Validate and communicate the SOPs. Every organization has SOPs which they don't necessarily need to change; they need instead to change the roles and UGs authorized to perform those procedures. So the simple procedure of "receive order/ship order" may be done by the same person, the duties should reside in separate roles.
  2. Identify the applicable SoD rules. Here you identify the business process through the SOP or other documentation and sift it down to individual tasks and who has the ability to engage in them. If an organization has no such documentation, Arbela engages in business-owner interviews to get it documented, then breaks down the process into individual actions in Dynamics AX.
  3. Develop a security change process including tracking and all approval process. Here you standardize the change management process for these rules. You can work in Dynamics AX using cases or workflows to have a group of approvers sign off on a change in procedure before a user makes the change.
  4. Identify the existing ...

    FREE Membership Required to View Full Content:

    Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
    Learn more about us here

    Get full access
Auditing Dynamics AX Regulatory Compliance
About Corey Bakhtiary

Corey Bakhtiary is a Senior Consultant at Arbela Technologies Corp. with expertise in application security, Sarbanes-Oxley and audit compliance. Arbela Technologies Corp. is a Microsoft Gold Partner for ERP and a Microsoft Silver Partner for both Dynamics CRM and Azure. Arbela further offers the Arbela Security Manager (ASM) solution which addresses security and auditing for Dynamics AX.

More about Corey Bakhtiary