To read this content please select one of the options below:

A framework for separation of duties in an SAP R/3 environment

Adam Little (Ernst & Young, Brisbane, Australia)
Peter J. Best (School of Accountancy, Queensland University of Technology, Brisbane, Australia)

Managerial Auditing Journal

ISSN: 0268-6902

Article publication date: 1 July 2003

3281

Abstract

The majority of medium‐to‐large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of “role‐based access control”, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role‐based approach in the financial accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.

Keywords

Citation

Little, A. and Best, P.J. (2003), "A framework for separation of duties in an SAP R/3 environment", Managerial Auditing Journal, Vol. 18 No. 5, pp. 419-430. https://doi.org/10.1108/02686900310476882

Publisher

:

MCB UP Ltd

Copyright © 2003, MCB UP Limited

Related articles