Finding the Segregation of Duties (SOD) Conflicts in Microsoft Dynamics GP 10—Why the User Level Is Key
Recently, I was working on a SOX (Sarbanes-Oxley) compliance project for a large corporation that used Microsoft Dynamics GP in a subsidiary location. The internal audit team tasked with segregation of duties (SOD) analysis was not familiar with how security worked in Dynamics GP. As the project progressed, I kept a log of their key questions surrounding SOD and Microsoft Dynamics GP.
We are using the roles and tasks delivered by Microsoft. Will we have any SOD issues?
The team identified that any role or task name that contained an asterisk was standard delivered from Microsoft. They also confirmed that only roles and tasks with asterisks were being used. With that in mind, the team figured that there was no need to analyze the segregation of duties. There are two issues with this logic.