Abstract
Maturity models are widely used in several domains, ranging from business processes to complete management frameworks like CMMI, ITIL or Cobit. In this paper we develop a detailed maturity model for the management of segregation of duties in ERP systems. Our model includes several aspects, starting with simple access rights management of individual systems and leading to comprehensive organizational aspects of multi-system environments. Applying this model enables organizations to improve compliance regarding access rights using a step-by-step approach. The approach described can also be used to assess an organization's existing segregation of duties processes in order to reveal further improvement opportunities.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Omland, J., Gehrke, N., Müller-Wickop, N. (2011). A Maturity Model for Segregation of Duties in Standard Business Software. In: Nüttgens, M., Gadatsch, A., Kautz, K., Schirmer, I., Blinn, N. (eds) Governance and Sustainability in Information Systems. Managing the Transfer and Diffusion of IT. TDIT 2011. IFIP Advances in Information and Communication Technology, vol 366. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24148-2_20
DOI: https://doi.org/10.1007/978-3-642-24148-2_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24147-5
Online ISBN: 978-3-642-24148-2
eBook Packages: Computer Science, Computer Science (R0)