Little, Adam G. and Best, Peter J. (2003) A framework for separation of duties in an SAP R/3 environment. Managerial Auditing Journal, 18 (5). pp. 419-430. ISSN 0268-6902
|HTML Citation||EndNote||Dublin Core||Reference Manager|
Full text available as:
|PDF (Accepted Version) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader|
Official URL: http://www.emeraldinsight.com/10.1108/02686900310476882
Identification Number or DOI: doi: 10.1108/02686900310476882
[Abstract]: The majority of medium-to-large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of “role-based access control”, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role-based approach in the financial accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.
Archive Staff Only: edit this record