Segregation of Duties for Infor-Lawson Software A Key Element in the Compliance Lifecycle
Agenda
Compliance Dashboard
• About Us
• Proactive SoD
• Reactive SoD
• Mitigation

About Us
Committed to your success.
• Founded in 1983, Kinsey has provided software sales, implementation, support and development for 35 years.
• Lawson reseller and implementation partner since 1997.
• Lawson certified systems integrator partner.
• Lawson complementary software partner.
• Lawson’s “Go to” implementation partner for public sector.
• Provide complementary Lawson software products.

Our Solution

Segregation of Duties

Effective Segregation of Duties

Characteristics/Benefits of Effective SoD
• Built-in model enables SoD enforcement
• Violations checked before user provisioning
• Your decision to enforce rules or allow violations
• Saves time (=money)
• Easy set-up using delivered SoD policies
• Easy testing for violations
• Quick and easy reporting
• Reduces auditing effort / costs
• Reduces Risk
• Enforcing and reporting SoD violations reduces opportunity for fraud

SoD Issues
• Limited Functionality
• No delivered policies or rules in S3
• No SoD reporting in Landmark
• No notifications
• No remediation process
• Use a Spreadsheet?
• How do you:
  • Ensure the actual access control mirrors the spreadsheet?
  • Ensure the right people access the right data?
  • Manage change control problems?
  • Assess impact of changes?
  • Manage enforcement of SoD?

Segregation of Duties
Compliance Dashboard for Infor-Lawson

300 Delivered Policies
With our delivered policies covering Asset Management, Cash Management, Closing Procedures, Inventory Control, Order Processing, Payables Management, Purchasing, Receivables Management, and Payroll, you will receive immediate benefits from the SOD reports. You can also define your own policies using the SOD admin screen.

Over 2,500 Predefined Rules
Our Lawson application consultants have defined over 2,200 rules that are used to validate that your security conforms to the 240 SOD delivered policies. You have full flexibility over adding or changing any of the rules.

Automatic Email Notifications
Once you have defined a report, simply add it to our schedule so you can be notified when a security change causes an SOD violation.

The Segregation of Duties application is designed to ensure that you have the proper checks and balances built into your security model to prevent fraudulent activity. With the added flexibility of our ad-hoc reporting you can create, save, and email critical reports as needed.

Policies & Rules - Segregation of Duties
SOD Policy Library
• S3 and Landmark Applications Supported
• 9 Predefined Categories
• Library includes 300 Policies
• 2,500+ Rules
• Policy Ratings
• Create New Categories
• Create New Policies
• Create New Rules
• Modify any Existing Policy
• Define rules by Form, Role, Security Class or Field

Proactive SoD
Policy Library

Proactive SoD
• Objective
  • Prevent SoD violations occurring during security assignment.
  • Ensure security policy is enforced long term.
• Role Modeling
• SoD Notifications

Proactive SoD
[Diagram labels: SoD Violations Check, LDAP, EntryClerk, Print Report, Fail, EntryClerk, APAdmin, Pass]

Reactive SoD
• Objective
  • Accurately assess existing security for remediation.
  • Reduce audit time and cost.
• SoD Reporting
• SoD Dashboard

Reactive SoD – User Reporting
[Diagram labels: SoD Violations Check, LDAP, Fail, Pass]

Reactive SoD – User Reporting
SOD Violation Reports
• User / Policy Conflicts
• Policy / User Conflicts
• Composite Roles / Policy Conflicts
• Role / Policy Conflicts
• Differences Report
• Activity Conflicts
• Microsoft Excel Export
• Unlimited Saved Reports
• Scheduled Email Notifications
• Drill Directly to Security Reports

Reactive SoD – User Reporting
SOD Violation Matrix

Mitigation
• Objective
  • Accurately assess existing security for remediation.
  • Resolve SoD Conflicts
  • Reduce audit time and cost.
• SoD Remediation

Mitigation – User Reporting
[Diagram labels: SoD Violations Check, LDAP, Print Report, Fail, Pass, Modify Security]

Mitigation – User Reporting
[Diagram labels: SoD Violations Check, Monitor User Activity, LDAP, fnelson, Fail, Finance Users, Pass]

Mitigation
SoD Remediation

Implementation
• Applications require a simple dedicated virtual server.
• Available for Lawson versions 9.x, 10.x and 11.x.
• Supported for on premise or hosted in Lawson environments.
• Remote installation is done in 1 to 3 days depending on products selected.
• Remote training can be completed in less than 2 days depending on products selected.

Kinsey & Kinsey, Inc. 26 North Park Boulevard Glen Ellyn, IL. 60137 630-858-4866 g.henson@kinsey.com call 757-621-8236 www.kinsey.com Thank you for attending! We hope you found it helpful!