The much-maligned Sarbanes-Oxley Act of 2002 almost single-handedly created the software category known today as governance, risk, and compliance, and a recent high-profile implementation has turned a spotlight on one tool in that product toolkit: segregation of duties software.
Global engineering and automation conglomerate Siemens recently announced its selection of a company called Security Weaver for its global Segregation of Duties (SoD) software platform. Siemens' decision follows a year in which the company had to deal with a bribery scandal that involved kickback payments for contracts and cost numerous Siemens executives their jobs.
The need for SoD software is greatest in large, complex companies that are exposed to high degrees of regulatory and investor scrutiny. The underlying control is simple: no single person should hold every permission needed to carry a sensitive transaction from start to finish. Security Weaver's eponymous SoD application and others like it act as automated cops, policing established business rules that govern which employee has permission to perform which task in an enterprise system, and flagging the users whose combined access breaks those rules.
An employee, for example, should not be able to create a new vendor in an ERP system and subsequently make payments to that vendor. "If someone has authorization to do both, there's a potential for fraud there," said John Hagerty, a research vice president at AMR Research, who covers the GRC space.
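The vendor-plus-payment rule above is the classic SoD check. The following is an added illustration of how such a rule is evaluated against role assignments; it is not Security Weaver's code or Siemens' configuration, and the users, role names, permission strings and rules are all constructed here. It goes slightly beyond the article's single example in two ways a practitioner cares about: permissions are resolved through nested roles (a conflict is often invisible in the top-level role list), and the same rules are applied both as a detective scan over existing users and as a preventive check before a new role is granted.

```python
"""Toy segregation-of-duties checker (added example, not a vendor product)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset[str] = frozenset()
    includes: frozenset[str] = frozenset()  # names of nested roles this role pulls in


# Constructed sample catalogue: FINANCE_MANAGER grants payment.release only indirectly.
ROLES: dict[str, Role] = {
    "AP_CLERK": Role("AP_CLERK", frozenset({"vendor.create", "invoice.enter"})),
    "PAYMENT_APPROVER": Role("PAYMENT_APPROVER", frozenset({"payment.release"})),
    "FINANCE_MANAGER": Role("FINANCE_MANAGER", frozenset({"report.view"}),
                            frozenset({"PAYMENT_APPROVER"})),
    "AUDITOR": Role("AUDITOR", frozenset({"report.view", "ledger.read"})),
}

# Constructed user assignments. Alice's conflict only appears after nested roles are expanded.
USER_ROLES: dict[str, set[str]] = {
    "alice": {"AP_CLERK", "FINANCE_MANAGER"},
    "bob": {"AP_CLERK"},
    "carol": {"PAYMENT_APPROVER", "AUDITOR"},
}

# SoD rules: named pairs of permissions a single identity must never hold together.
SOD_RULES: dict[str, tuple[str, str]] = {
    "vendor-master-vs-payment": ("vendor.create", "payment.release"),
    "invoice-entry-vs-payment": ("invoice.enter", "payment.release"),
}


def effective_permissions(roles: set[str],
                          catalog: dict[str, Role] = ROLES) -> dict[str, set[str]]:
    """Map each effective permission to the *assigned* roles that grant it.

    Nested roles are followed depth-first; a role already visited for the same
    top-level assignment is skipped, so cyclic role definitions cannot loop.
    """
    granted: dict[str, set[str]] = {}
    for top in roles:
        seen: set[str] = set()
        stack = [top]
        while stack:
            name = stack.pop()
            if name in seen:
                continue
            seen.add(name)
            role = catalog.get(name)
            if role is None:
                continue  # unknown role grants nothing here; a real tool would flag it
            for perm in role.permissions:
                granted.setdefault(perm, set()).add(top)
            stack.extend(role.includes)
    return granted


@dataclass(frozen=True)
class Violation:
    user: str
    rule: str
    left: str
    left_via: frozenset[str]   # assigned roles that grant the left permission
    right: str
    right_via: frozenset[str]  # assigned roles that grant the right permission


def find_violations(user_roles: dict[str, set[str]] = USER_ROLES,
                    rules: dict[str, tuple[str, str]] = SOD_RULES,
                    catalog: dict[str, Role] = ROLES) -> list[Violation]:
    """Detective scan: every user currently holding both sides of a rule."""
    found: list[Violation] = []
    for user, roles in sorted(user_roles.items()):
        perms = effective_permissions(roles, catalog)
        for rule, (a, b) in rules.items():
            if a in perms and b in perms:
                found.append(Violation(user, rule, a, frozenset(perms[a]),
                                       b, frozenset(perms[b])))
    return found


def assignment_conflicts(current: set[str], new_role: str,
                         rules: dict[str, tuple[str, str]] = SOD_RULES,
                         catalog: dict[str, Role] = ROLES) -> list[str]:
    """Preventive check: rules that granting new_role would newly break."""
    before = effective_permissions(current, catalog)
    after = effective_permissions(current | {new_role}, catalog)
    return sorted(rule for rule, (a, b) in rules.items()
                  if a in after and b in after and not (a in before and b in before))


if __name__ == "__main__":
    for v in find_violations():
        print(f"{v.user}: {v.rule}: {v.left} via {sorted(v.left_via)}, "
              f"{v.right} via {sorted(v.right_via)}")
    print("granting FINANCE_MANAGER to an AP clerk would break:",
          assignment_conflicts({"AP_CLERK"}, "FINANCE_MANAGER"))
```

Reporting which assigned role grants each side of the conflict is what makes a finding actionable: in the sample data the fix for alice is not "remove payment.release" but "review why FINANCE_MANAGER nests PAYMENT_APPROVER". The preventive form is the one to wire into the provisioning workflow, so the conflict is refused at request time rather than discovered at the next audit.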