Meaning of SOD......

Former Member
0 Kudos

Hi All,

What is meant by SOD in SAP Security? Please explain in detail.

Thank You.

Regards,

Swapna.D.


Former Member
0 Kudos

Hi,

_SOD_ means Segregation Of Duties. During implementation of security, functional consultants will meet the BPOs (business process owners) and core users and they will segregate the duties. As per their responsibility they will prepare a role matrix (report). As per the report, authorizations are given. Roles are going to be prepared. This is called SOD.

Former Member
0 Kudos

Here is the "free" definition of SoD: http://en.wikipedia.org/wiki/Segregation_of_duties

In SAP security, it could for example be the separation of Authorization Development from User Administration,

and / or

Not giving User Administrators access to administrate the user groups of their own IDs.

and / or

Restricting the authorizations for objects S_USER_VAL and S_USER_TCD to certain values for the Authorization Developers of business roles.

Cheers,

Julius

Former Member
0 Kudos

Segregation of Duties:

Duties within the department or function should be separated so that one person does not perform processing from the beginning to the end of a process. Duties that should be segregated include:

• Authorization

• Custody of the assets

• Recording transactions

If an adequate segregation of duties does not exist, the following could occur:

• Misappropriation of assets

• Misstated financial statements

• Inaccurate financial documentation (i.e., errors or irregularities)

• Improper use of funds or modification of data could go undetected

SOD matrix will be defined and it defines who would be having which access. It will define the risk involved in providing access to certain t-codes together.

This would help us audit the security level and avoid security concerns. There are certain tools like Virsa and Approva which help us in maintaining the SODs.

For more clarity, please follow this link

http://findarticles.com/p/articles/mi_m4153/is_5_60/ai_110222003

Regards,

Imran

Former Member
0 Kudos

please refer to below links:

http://www.sapsecurityonline.com/sox_sod/sox_sod.htm

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f02855c9-2091-2a10-8682-af41abe0...

Sarbanes Oxley is a US law passed in 2002 to strengthen Corporate Governance and restore investor confidence. The Sarbanes Oxley Act was sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley. The Sarbanes-Oxley (or more popularly Sarbanes Oxley) law was passed in response to a number of major corporate and accounting scandals involving prominent companies in the United States. These scandals resulted in a loss of public trust in accounting and reporting practices. Sarbanes Oxley legislation is wide ranging and establishes new or enhanced standards for all US public company boards, management, and public accounting firms.

The passing into law of the Sarbanes-Oxley Act of 2002 regulates how financial data must be handled and protected in all publicly held corporations.

SOD stands for segregation of duties. Basically you need to understand what SOD is. If you want to know a little bit of information, go to the standard SAP roles, copy them to Z or Y roles, and check out each role and its transactions to have an initial idea.

Regarding SAP Authorization you find the details in the following link.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

http://help.sap.com/saphelp_47x200/helpdata/en/52/671126439b11d1896f0000e8322d00/frameset.htm

This is a very small bit of information to share to start. There is a very long way to go to understand each business area.

I hope it will help you.

Former Member
0 Kudos

SOD: Segregation of Duties.

I will try to explain this in layman's terms. A single user should not have all the authorizations which, combined, make a possible fraud. For example, a user cannot have authorization to create an expense report and then authorization to approve the same. If this is the case he will create expense reports and then approve them, which will lead to financial loss.

So he should be either the creator or the approver.

0 Kudos

> which will lead to financial loss.

No. SOD analysis and implementing mitigating controls leads to (an initial) financial loss.

> create expense reports and then approve them

This increases the operational risk of fraud as the probability of errors or misuse going undetected increases, unless mitigated (after-the-fact controls).

Whether a fraud, if approved by an authorized person (delegation of company authority) and correctly posted in accounting (debit expense & credit accounts payable) is in fact a financial reporting risk, can be debated.
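The t-code conflict matrix described in Imran's reply, the create-vs-approve expense example, and the point about mitigating controls, worked through as an added example that is not code from any post in this thread; the matrix entries, role-to-t-code mapping, users and controls are all constructed sample data, not SAP delivered content.

```python
# Added example (not from any post on this thread): a minimal SoD check over
# SAP transaction codes. All matrix entries, roles, users and mitigating
# controls below are constructed sample data, not SAP delivered content.

# Constructed SoD matrix: t-code pairs one user must not hold together, keyed by a risk id.
SOD_MATRIX = {
    "HR01": ("PR05", "PRAP"),   # create expense report vs. approve expense report
    "AP01": ("FK01", "F-53"),   # maintain vendor master vs. post outgoing payment
    "BC01": ("SU01", "PFCG"),   # user administration vs. authorization development
}

# Constructed role -> t-code mapping, i.e. what the role matrix grants to each role.
ROLE_TCODES = {
    "Z_EXPENSE_CREATE": {"PR05"},
    "Z_EXPENSE_APPROVE": {"PRAP"},
    "Z_AP_CLERK": {"FK01", "F-53"},
    "Z_BASIS_ADMIN": {"SU01", "PFCG", "SU53"},
}


def user_tcodes(roles, role_tcodes=ROLE_TCODES):
    """Flatten a user's role assignments into the set of t-codes they can start."""
    tcodes = set()
    for role in roles:
        tcodes |= role_tcodes.get(role, set())
    return tcodes


def find_conflicts(tcodes, matrix=SOD_MATRIX):
    """Risk ids whose two conflicting t-codes are both reachable by the user."""
    return sorted(risk for risk, (a, b) in matrix.items() if a in tcodes and b in tcodes)


def sod_report(user_roles, mitigations, role_tcodes=ROLE_TCODES, matrix=SOD_MATRIX):
    """Map each user to (risk id, status). A risk with an assigned after-the-fact
    control is reported as 'mitigated'; otherwise it stays 'open' for remediation."""
    report = {}
    for user, roles in user_roles.items():
        conflicts = find_conflicts(user_tcodes(roles, role_tcodes), matrix)
        controls = mitigations.get(user, {})
        report[user] = [(risk, "mitigated" if risk in controls else "open") for risk in conflicts]
    return report


if __name__ == "__main__":
    users = {  # constructed user -> role assignments
        "alice": ["Z_EXPENSE_CREATE", "Z_EXPENSE_APPROVE"],
        "bob": ["Z_AP_CLERK"],
        "carol": ["Z_EXPENSE_CREATE"],
    }
    controls = {"bob": {"AP01": "monthly payment-run review by finance manager"}}
    for user, findings in sod_report(users, controls).items():
        print(user, findings or "no SoD conflict")
```

A mitigated conflict is still a conflict: the check records it so an auditor can confirm the compensating control actually runs.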