A framework for separation of duties in an SAP R/3 environment
Abstract
The majority of medium‐to‐large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of “role‐based access control”, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role‐based approach in the financial accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.
Keywords
Citation
Little, A. and Best, P.J. (2003), "A framework for separation of duties in an SAP R/3 environment", Managerial Auditing Journal, Vol. 18 No. 5, pp. 419-430. https://doi.org/10.1108/02686900310476882
Publisher
:MCB UP Ltd
Copyright © 2003, MCB UP Limited