
Did you know? How you can associate a mitigating control to a SoD risk?

Community_User
Saviynt Employee
Originally posted on September 28 2020 at 07:34 UTC

  1. What is a SoD and why do you need to mitigate a SoD risk?

Segregation of duties (SoD), also called separation of duties, refers to a set of preventive internal controls in a company’s compliance policy that mitigates the risk of error and fraud in accounting and financial statements by requiring more than one person to complete a transaction-based task.

You can use mitigation controls when it is not possible to apply segregation of duties (SoD) to the business process. For example, a single user has access to and performs the tasks of accepting cash payments and recording the payments. You need a mitigating control to prevent fraud – for example, we may specify that a second user must perform a reconciliation, reviewing the cash against the recorded transaction.


  2. How can you mitigate a SoD risk in SSM?
     1. An approver can do a Preventive Risk Mitigation during access request approval when a toxic combination of accesses is being requested.
     2. A SoD Risk Owner can do a Detective Risk Mitigation from the SOD workbench once the identity and access are reconciled to SSM’s identity store from target applications.

  3. What are Pre-mitigated Associations?

You can set up a mitigation control for a risk to be effective for a time interval, as in the screenshot below. Any user account violating the risk will be automatically mitigated for the defined time period in both preventive and detective SoD evaluation.


  4. What are Recommended Associations?

You can set up recommended mitigating controls for mitigating a risk, as seen below, that would be helpful for the SoD owner when mitigating the risk.


  5. What are Assigned Associations?

All the risks mitigated are seen under Assigned associations in a mitigating control definition.


  6. How long will the SoD risk be in “Risk Accepted” status once mitigated?

The risk will be in “Risk Accepted” status until the Mitigating control End Date passes.


  7. Can you bulk mitigate risks in SSM?
     1. Risk owners can bulk mitigate risks by selecting the risks from the SOD workbench and moving them to “Risk Accepted” status by associating the mitigating control for a defined time period.
     2. Risk owners can also bulk mitigate risks by uploading a ruleset file with Mitigating control associations populated in the ruleset Excel file.



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
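As an added illustration (not Saviynt code and not part of the original post), the following Python sketch models the rules described above: a risk fires when an identity holds the full toxic combination, a pre-mitigated association accepts it for every identity during the control's window, an assigned association accepts it for one identity only, and the status reverts to Open once the control end date passes. Risk ids, entitlement names, user names and dates are constructed.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class SodRisk:
    risk_id: str
    toxic_combination: frozenset  # holding ALL of these together is a violation

@dataclass
class MitigatingControl:
    control_id: str
    start: date                   # control effective window
    end: date
    pre_mitigated: set = field(default_factory=set)   # risk ids auto-mitigated for everyone
    assigned: dict = field(default_factory=dict)      # (user, risk_id) -> (start, end)

    def covers(self, user, risk_id, on):
        """True if this control mitigates risk_id for user on the given date."""
        if risk_id in self.pre_mitigated and self.start <= on <= self.end:
            return True
        window = self.assigned.get((user, risk_id))
        return window is not None and window[0] <= on <= window[1]

def evaluate(user, entitlements, risks, controls, on):
    """Detective evaluation: {risk_id: status} for every violated risk.
    Status is 'Risk Accepted' while some control covers the date, else 'Open'."""
    held = set(entitlements)
    result = {}
    for risk in risks:
        if not risk.toxic_combination <= held:
            continue
        mitigated = any(c.covers(user, risk.risk_id, on) for c in controls)
        result[risk.risk_id] = "Risk Accepted" if mitigated else "Open"
    return result

def evaluate_request(user, current, requested, risks, controls, on):
    """Preventive evaluation: what the approver would see if the request were granted."""
    return evaluate(user, list(current) + list(requested), risks, controls, on)

# Constructed ruleset and controls (hypothetical names, not from the post)
RISKS = [
    SodRisk("R1", frozenset({"ACCEPT_CASH", "RECORD_PAYMENT"})),
    SodRisk("R2", frozenset({"CREATE_VENDOR", "APPROVE_INVOICE"})),
]
CONTROLS = [
    # Pre-mitigated association: R1 accepted for any account through year end
    MitigatingControl("MC-RECON", date(2020, 10, 1), date(2020, 12, 31), pre_mitigated={"R1"}),
    # Assigned association: R2 accepted for alice only, for October
    MitigatingControl("MC-REVIEW", date(2020, 10, 1), date(2020, 12, 31),
                      assigned={("alice", "R2"): (date(2020, 10, 1), date(2020, 10, 31))}),
]
```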

Community_User
Saviynt Employee
Originally posted on September 29 2020 at 04:36 UTC

Thanks Aarthi.
