Can anybody explain (short and simple) SOX & SoDs with 3
examples for each functional module? And your experience with SoDs.
Answer / parixit
SoX is Sarbanes & Oxley; it is an Act in the US. This Act should
be liable for business.
SoD is Segregation of Duties, division of power in different
positions. It gives power as per the designation.
Is This Answer Correct ? | 5 Yes | 1 No |
Answer / sakthi
SOD stands for Segregation of duties.
It helps us to identify frauds and misstatements.
For example, in the Virsa tool we have critical SOD conflict S017
for the SD module, where it identifies and checks for users who
could perform the credit approval function and modify cash
received for fraudulent purposes.
SOD conflict F017 for the FICO module, where it checks for users
who could maintain a non bona-fide bank account and divert
incoming payments to it.
SOD conflict P001 for the PP module, where it checks for users
who could maintain a fictitious vendor and enter a vendor
invoice for automatic payment.
As far as my experience is concerned, we need to avoid critical SOD
conflicts as much as possible, and these SOD conflicts are
the ones which the auditor checks, and they ask for the
mitigation control that we have outside, like trace.
Is This Answer Correct ? | 3 Yes | 0 No |
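The kind of check sakthi's answer describes, sketched as an added example that is not part of the original answers and not the Virsa tool's own logic: each rule lists the functions one user must not hold together, and each finding records which roles grant them and whether a mitigating control is on file. Only the rule IDs and modules come from the answer; the function names, roles, users and control ID are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SodRule:
    rule_id: str
    module: str
    functions: frozenset  # holding ALL of these functions is the conflict

# Rule IDs/modules from the answer above; function names are constructed.
RULES = [
    SodRule("S017", "SD", frozenset({"credit_approval", "modify_cash_received"})),
    SodRule("F017", "FICO", frozenset({"maintain_bank_account", "process_incoming_payments"})),
    SodRule("P001", "PP", frozenset({"maintain_vendor", "enter_vendor_invoice"})),
]

# Constructed sample data: role -> functions, user -> roles.
ROLE_FUNCTIONS = {
    "Z_SD_CREDIT_MGR": {"credit_approval"},
    "Z_AR_CASH_CLERK": {"modify_cash_received", "process_incoming_payments"},
    "Z_FI_BANK_MASTER": {"maintain_bank_account"},
    "Z_MM_VENDOR_MASTER": {"maintain_vendor"},
    "Z_AP_INVOICE_CLERK": {"enter_vendor_invoice"},
}
USER_ROLES = {
    "ALICE": ["Z_SD_CREDIT_MGR", "Z_AR_CASH_CLERK"],
    "BOB": ["Z_FI_BANK_MASTER", "Z_AR_CASH_CLERK"],
    "CAROL": ["Z_MM_VENDOR_MASTER"],
    "DAVE": ["Z_MM_VENDOR_MASTER", "Z_AP_INVOICE_CLERK"],
}
# (user, rule_id) -> mitigating control on file (constructed ID).
MITIGATIONS = {("DAVE", "P001"): "MC-0001"}

def find_conflicts(user_roles, role_functions, rules, mitigations):
    """Return one finding per (user, rule) where the user's combined roles
    grant every function of the rule, across roles or within a single role."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        granted = {}  # function -> roles that grant it, for the audit trail
        for role in roles:
            for fn in role_functions.get(role, ()):
                granted.setdefault(fn, set()).add(role)
        for rule in rules:
            if rule.functions.issubset(granted):
                via = sorted(set().union(*(granted[f] for f in rule.functions)))
                findings.append({"user": user, "rule": rule.rule_id,
                                 "module": rule.module, "roles": via,
                                 "mitigation": mitigations.get((user, rule.rule_id))})
    return findings

def unmitigated(findings):
    """Findings an auditor would still question: no mitigating control recorded."""
    return [(f["user"], f["rule"]) for f in findings if f["mitigation"] is None]
```

Because the conflict is evaluated on the union of a user's roles, it is caught even when no single role contains both functions.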