Keep System Responsibilities Separate with SOD!

How do you prevent individual SAP system users from having too many different authorizations, and thus avoid organizationally separate tasks being performed by one and the same person?

By default, an SAP system is able to perform various checks on user authorizations and roles. Ideally, these checks are already taken into account when the authorization concept is created and are carried out regularly. The transition to SAP S/4HANA is also accompanied by changes in the authorization concepts, which tends to make the segregation of duties (SOD) even more complex.

What Does Segregation of Duties Mean?

Segregation of duties means separating the various tasks that a job involves and assigning these task responsibilities to different individuals. The aim is to protect a company from potentially fraudulent activities on the part of employees, which could be facilitated by one individual having multiple roles and activities. A good example would be if an employee had the authority to both adjust a customer’s bank account information and manage bill payments. In such a case, any criminal activity or even simply false entries by the employees could cause significant damage to a company and would be extremely difficult to trace back. 

To counteract this, it is important even in small companies to divide up the various responsibilities, even if this is not always straightforward, because (especially in very small companies) the number of responsibilities can exceed the number of employees.

Similar to the dual control principle, a segregation of duties (SOD) is intended to prevent errors and tampering and to correctly separate roles and areas of responsibility.