A Framework For Separation Of Duties In An SAP R/3 Evironment
The majority of medium-to-large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of ‘role-based access control’, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role-based approach in the Financial Accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.
Impact and interest:
Citation counts are sourced monthly from and citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Journal Article|
|Keywords:||Role, Based Access Control, SAP R/3, Separation of Duties, Fraud, Authorization, Security|
|Subjects:||Australian and New Zealand Standard Research Classification > COMMERCE MANAGEMENT TOURISM AND SERVICES (150000) > ACCOUNTING AUDITING AND ACCOUNTABILITY (150100) > Auditing and Accountability (150102)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Information Systems Management (080609)
|Divisions:||Current > QUT Faculties and Divisions > QUT Business School|
|Copyright Owner:||Copyright 2003 Emerald Publishing|
|Copyright Statement:||Reproduced in accordance with the copyright policy of the publisher.|
|Deposited On:||09 Oct 2006|
|Last Modified:||05 Jan 2011 13:27|
Repository Staff Only: item control page