A Framework For Separation Of Duties In An SAP R/3 Environment

Little, Adam G. & Best, Peter J. (2003) A Framework For Separation Of Duties In An SAP R/3 Environment. Managerial Auditing Journal, 18(5), pp. 419-430.



The majority of medium-to-large international organizations have adopted enterprise resource planning systems (ERPs), of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of ‘role-based access control’, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role-based approach in the Financial Accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.

Impact and interest:

2 citations in Scopus


Full-text downloads:

14,012 since deposited on 09 Oct 2006
1,407 in the past twelve months


ID Code: 5182
Item Type: Journal Article
Refereed: Yes
Keywords: Role-Based Access Control, SAP R/3, Separation of Duties, Fraud, Authorization, Security
DOI: 10.1108/02686900310476882
ISSN: 0268-6902
Subjects: Australian and New Zealand Standard Research Classification > COMMERCE MANAGEMENT TOURISM AND SERVICES (150000) > ACCOUNTING AUDITING AND ACCOUNTABILITY (150100) > Auditing and Accountability (150102)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Information Systems Management (080609)
Divisions: Current > QUT Faculties and Divisions > QUT Business School
Copyright Owner: Copyright 2003 Emerald Publishing
Copyright Statement: Reproduced in accordance with the copyright policy of the publisher.
Deposited On: 09 Oct 2006 00:00
Last Modified: 05 Jan 2011 13:27
