
Segregation of duties and access risk, explained

Segregation of duties prevents one person from controlling a whole risky process. Here is how access risk arises in an ERP and how continuous monitoring catches it.

Segregation of duties (SoD) is the principle that no single person should control every step of a sensitive process — for example, both creating a vendor and paying it, or both maintaining bank details and running payments. Separating those duties is one of the most basic and important controls in finance.

How access risk builds up

In a real ERP, roles and authorizations accumulate over time. People change jobs, cover for colleagues, and pick up access they never lose. Eventually someone holds a combination of permissions that, together, let them complete a risky process unchecked — a conflict that no one designed but everyone inherited.

These conflicts are hard to see by hand because they emerge from combinations of permissions across many roles, not from any single assignment.

Continuous monitoring

Automated access monitoring scans role assignments and authorizations against a library of segregation-of-duties rules, surfaces the conflicts, and scores each one for how likely it is to be a real risk rather than a false positive. It also compares the access a person has against the activity they actually perform, to focus attention on genuine exposure.

Because it runs continuously, it catches new conflicts as they appear instead of once a year during an audit.
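The scan described above, as an added example that is not Fin4Sight's code: it unions each user's permissions across all assigned roles, checks them against a small rule library, and ranks findings by whether the conflicting access was actually exercised. The role names, permission strings, rules, activity log and the 0-2 usage score are all constructed assumptions for illustration.

```python
# Constructed sample data: role -> permissions granted by that role.
ROLE_PERMS = {
    "AP_CLERK": {"invoice.post"},
    "VENDOR_ADMIN": {"vendor.create", "vendor.bank.update"},
    "PAYMENTS": {"payment.run"},
    "AP_COVER": {"payment.run", "invoice.post"},
}
# Constructed user -> role assignments, including cover access never removed.
USER_ROLES = {
    "alice": {"VENDOR_ADMIN", "AP_COVER"},
    "bob": {"AP_CLERK"},
    "carol": {"VENDOR_ADMIN", "PAYMENTS"},
}
# Assumed SoD rule library: nobody may hold a permission from both sides.
SOD_RULES = {
    "create-vendor-and-pay": ({"vendor.create"}, {"payment.run"}),
    "bank-details-and-pay": ({"vendor.bank.update"}, {"payment.run"}),
}
# Constructed activity log: (user, permission actually exercised).
ACTIVITY = [("alice", "vendor.create"), ("alice", "payment.run"),
            ("carol", "vendor.bank.update"), ("bob", "invoice.post")]


def granting_roles(user, perm):
    """Roles through which the user holds a given permission."""
    return sorted(r for r in USER_ROLES[user] if perm in ROLE_PERMS[r])


def find_conflicts():
    """Return one finding per (user, rule) violated, highest usage score first."""
    used = {}
    for user, perm in ACTIVITY:
        used.setdefault(user, set()).add(perm)
    findings = []
    for user, roles in USER_ROLES.items():
        # The conflict only shows up once permissions from all roles are combined.
        held = set().union(*(ROLE_PERMS[r] for r in roles))
        for rule, (side_a, side_b) in SOD_RULES.items():
            a, b = held & side_a, held & side_b
            if not (a and b):
                continue
            # Assumed score: how many sides of the conflict were used (0-2).
            u = used.get(user, set())
            score = int(bool(u & a)) + int(bool(u & b))
            via = {p: granting_roles(user, p) for p in sorted(a | b)}
            findings.append({"user": user, "rule": rule, "score": score, "via": via})
    return sorted(findings, key=lambda f: (-f["score"], f["user"], f["rule"]))


if __name__ == "__main__":
    for finding in find_conflicts():
        print(finding)
```

The `via` field records which role supplies each side of the conflict, which is what an access owner needs in order to decide which assignment to remove.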

From detection to remediation

Finding a conflict is only half the job. The value is in routing it to the right owner, recording the decision, and adjusting the access — with an immutable history of what changed and why. That record is what turns access reviews from a fire drill into a controlled, repeatable process.
