A joint solution from KPMG and Fastpath
Nearly two decades ago, the Sarbanes-Oxley (SOX) Act mandated separation of duties (SOD) to prevent a single person from controlling all aspects of a transaction. Yet, risk still plagues businesses, due in part to today’s business trends: digital innovation, mergers and acquisitions (M&A), and remote workforces.
As businesses transform with a proliferation of best-of-breed, cloud-based systems, security professionals face more workflows, integration points, and mitigating controls that all have to work together across many applications. In addition, the M&A uptick resulting from low interest rates means both a consolidation and integration of roles—leading to SOD complexities and deficiencies that leave companies vulnerable to employee fraud and error. Even the remote workforces ushered in by COVID-19 bring greater technology security risk.
Traditionally, SOD is siloed with embedded controls to monitor a single application such as an enterprise resource planning (ERP) system. Monitoring for business processes that span multiple apps is often done manually. Conducting audits or deconstructing fraud events proves these missed links and unrealized exposures elevate risk. Fortunately, KPMG LLP (KPMG) and Fastpath can help.
Leveraging Fastpath Assure technology, KPMG offers a five-step process to evaluate needs, implement strategy and technology, and continuously improve SOD programs. The result is a scalable application security tool with automated access and SOD analysis that drives operational efficiency and lowers overall cost of ownership.
KPMG professionals guide you through the five steps to next-generation SOD 3.0:
The joint offering includes more than 20 proprietary rule sets developed across a mixture of cloud and on-premises applications. The library contains major ERP packages such as SAP S/4HANA, Oracle, Workday, Microsoft Dynamics, PeopleSoft, and NetSuite, as well as cloud applications such as Coupa, Ariba, Salesforce, and SuccessFactors. Additionally, KPMG and Fastpath continuously develop and update industry-specific rule sets that offer access controls tailored to your sector.