To read this content please select one of the options below:

A framework for separation of duties in an SAP R/3 environment

Adam Little (Ernst & Young, Brisbane, Australia)
Peter J. Best (School of Accountancy, Queensland University of Technology, Brisbane, Australia)

Managerial Auditing Journal

ISSN: 0268-6902

Article publication date: 1 July 2003



The majority of medium‐to‐large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of “role‐based access control”, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role‐based approach in the financial accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.



Little, A. and Best, P.J. (2003), "A framework for separation of duties in an SAP R/3 environment", Managerial Auditing Journal, Vol. 18 No. 5, pp. 419-430.




Copyright © 2003, MCB UP Limited

Related articles