With summer coming to an end, audit cycles are creeping up soon and that means the annual review of internal controls, including segregation of duties (SoD), will once again commence. Companies that still haven’t taken the plunge towards automating these controls, or use manual processes to do so, will likely face a high number of SoD risks and audit deficiencies.
So we've just passed the mid-year hump of 2017 and before you know it, it'll be time to prepare for the next SAP access audit (just when you thought you recovered from the last one). If this is a process you normally dread, and you're not using any type of automation to make it easier, you may want to listen to how one of our customers managed to save 3 weeks during her last audit.
While not every segregation of duties (SoD) risk leads to fraud, it makes it more likely to happen. According to a 2016 KPMG report on internal fraud, weak controls were a contributing factor for 61 percent of fraud cases and over half of fraudsters were currently employed by the company.
One of the biggest challenges for an audit or IT professional is to identify all the possible segregation of duties (SoD) conflicts that exist within their environment. While this process is essential for audits and general financial reporting, it’s often complex and lengthy. Moreover, once the SoD risks are identified and corrected, monitoring the environment to catch new risks becomes another challenge that most audit and IT teams struggle to solve.