Finding the Segregation of Duties (SOD) Conflicts in Microsoft Dynamics GP 10—Why the User Level Is Key

Recently, I was working on a SOX (Sarbanes-Oxley) compliance project for a large corporation that used Microsoft Dynamics GP in a subsidiary location. The internal audit team tasked with segregation of duties (SOD) analysis was not familiar with how security worked in Dynamics GP. As the project progressed, I kept a log of their key questions surrounding SOD and Microsoft Dynamics GP.

We are using the roles and tasks delivered by Microsoft. Will we have any SOD issues?

The team identified that any role or task name that contained an asterisk was standard delivered from Microsoft. They also confirmed that only roles and tasks with asterisks were being used. With that in mind, the team figured that there was no need to analyze the segregation of duties. There are two issues with this logic.


Requires FREE Membership to View

Become a Member Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more, and it’s all FREE. You’ll also receive periodic email newsletters with the latest relevant articles and content updates.
About Andy Snook

Andy is Certified in Risk and Information Systems Controls (CRISC) as well ascertified in Microsoft Dynamics and SAP.  

He has been designing audit and compliance solutions for over 13 years and has assisted with compliance projects at more than 100 companies. Under hisleadership, Fastpath has grown to support more than 1,000 companies in over 30 different countries and is recognized as an Industry Leader by the Institute of Internal Auditors. 

Prior to his time at Fastpath, Andy was a financial systems implementation consultant for Microsoft Dynamics and an SAP management consultant with Ernst & Young. He graduated from the University of Notre Dame with degrees in Economics and Computer Applications.

Read full bio...