Browse Prior Art Database

System and Method for Separation of Duties

IP.com Disclosure Number: IPCOM000033495D
Original Publication Date: 2004-Dec-13
Included in the Prior Art Database: 2004-Dec-13
Document File: 4 page(s) / 32K

Publishing Venue

IBM

Abstract

Disclosed is a Lotus Notes Separation of Duties, a system and method for organizational and departmental separation of duties.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.

Page 1 of 4

System and Method for Separation of Duties

This application will serve to automate the process whereby a Separation of Duties Matrix (S.O.D.) is created and maintained. Currently, departments use a variety of methods to create and maintain these required documents including the Corporate Generic S.O.D. Matrix tool (a Lotus 1,2,3 spreadsheet).

In addition, this application incorporates an automated workflow approval to ensure that Managers review the S.O.D. matrix on an annual basis at the minimum. A report can be generated and automatically e-mailed to Managers providing details on the status of compliance. Users can choose to have the report generated monthly, quarterly, semiannually, annually, or opt for no reporting.

Overview -

The Department Manager or a designated Team Leader will create a profile for their department. A facility will exist to identify optional Business Areas within the department and to provide others within the department with the ability to create and maintain records. The profile will also allow each department to determine the schedule for review of the S.O.D. matrix. The minimal allowable period will be annually. An agent will run to automatically notify managers when review and approval is due. If the profile is created by someone other than the manager, then the manager will be notified to review the profile. Delegate managers (defined in this context as managers within the same organization) will have authority to approve the S.O.D. matrix in the event of a Manager's absence. If the profile is deleted, all the associated documents (e.g., tasks and employees) belonging to that organization will also be deleted.

After the profile is created, tasks are identified. These tasks fall into two main categories - system and activity. System tasks are those that are specifically tied to accessing applications/data on computer systems (e.g., SAP, legacy systems, etc.). Activity tasks are defined as manual processes (e.g., badge access to crib). The task document records any other tasks that are in conflict with the defined task. Once a task document has been saved, the only information than can be edited is the task conflicts.

After the tasks and the associated task conflicts have been identified, employee documents are created. The employee documents identify which tasks each employee performs within the organization. Any conflicting tasks are flagged, and a Secondary Control statement must be provided in order for the record to be saved. Employee records will be updated automatically to reflect changes in task conflicts. If a new conflict is created based on a change in the tasks, an e-mail will be sent to the Department Manager allowing him/her to update the employee profile. In addition, a message will alert the user modifying the tasks that a conflict has been created.

In addition to the notification that the S.O.D. Matrix is due for review, a report will be generated and automatically sent to Department M...