Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Segregation of Duties T codes

Former Member
0 Kudos

Hi Folks

Can anyone tell me where I can get/or if anyone can supply me with an EXTENSIVE list of T codes that are used or are relevant to the SOX and the Segregation of Duties.

I have been told that each company will have its own issues with SOX and SoD but and I am not so sure.

Points will be rewarded for Detailed answer

Thanks

Mark W

2 REPLIES 2

Former Member
0 Kudos

The statement:

"each company will have its own issues with SOX and SoD"

is correct. Additionally SOX & SoD are 2 different (though linked) things.

SOX is a set of (high level) requirements for internal control over the processes that relate to the financial statements.

Some of that is related to the IT systems that support those processes.

No single company is the same and as a result their business processes are not the same either. In the case of SOX (or a.n.other regulatory framework) the control requirements will be the same but they will satisfy them in different ways. A lot of companies spend a considerable amount of time & effort creating & implementing a control framework (including SoD cases) that meets their needs.

At the application level, (or x-app if appropriate) having adequate segregation of duties is a key control. As every business process is different there is no one single list of t-codes that satisfies the requirement. If we take the list that is in compliance calibrator, sure it's comprehensive & extensive but is only there are a guide & requires customisation to suit the business processes that it is being used in the context of.

One company may have a small department that precludes a complex SoD arrangement, however they have checks and balances in place which satisfy the control that <i>could</i> be met by implementing a preventative control in the form of an SoD.

After that load of rambling, there is some reasonable info here:

http://www.sapsecurityonline.com/sox_sod/sod_matrix.htm

The "high level view of conflicts" link is actually a renamed version of the SoD matrix provided in the ASAP methodology. It is useful in that it identifies the main conflicting functions. You then map the transactions that <i>your business</i> uses for those functions to produce a matrix of incompatible transactions that can be used to check for segregation of duties analysis

Former Member
0 Kudos

Are you looking for some automated search for Tcode conflict finder ??