KPMG securing the cloud ERP – segregation of duties

KPMG can help an organization harness the benefits of Cloud ERP while proactively mitigating against inherent risks.

Securing the ERP framework

Segregation of duties is one component of the Securing the ERP framework, a 360-degree view of ERP security and controls. Effectively balance the divergent tasks of enabling ERP business users while protecting sensitive data and transactions.

Learn more at Securing the ERP


Taking advantage of Oracle's cloud solutions to transform your company's back office is an achievable goal, but with the benefits come challenges too.

To save money and increase productivity, you might have to reduce headcount and cut corners. With reduced staff, how do you manage day-to-day operations and ensure that key risks are mitigated?

One way is through segregation of duty controls, but many organizations have found that rolling out effective segregation of duties control can be an operational challenge and a financial burden...unless you leverage KPMG's Securing the Cloud ERP framework.

Our client-validated framework balances enablement of your employees with protection of your assets, and segregation of duties is designed into the Cloud ERP solution.

Without securing the loud ERP, you're opening the door to fraud and preventable errors that can happen without the right segregation of duties controls. For example, Melvin here sets up some "ghost" employees. Without oversight, Melvin can give himself an extra paycheck... or several. That's payroll fraud. Or, Maureen wants a big commission, so she extends the credit limit on a large order for a sketchy client who's close to bankruptcy. That's insider fraud. Or, Mindy orders a fleet of cars for her branch, plus an extra one for herself. If no one else needs to sign off on the invoice, she drives off in a new car. That's procurement fraud. And those are only three examples.

Our research found that 38% of fraudsters are employees with six-plus years tenure who accumulated multiple roles over time without management oversight. Segregation of duties means that tasks need to be spread among several people, so your employees have the access they need, but not the power to circumvent controls. KPMG does this in three ways: process design, role design, and control design.

Cloud process controls separate activities for your end-to-end processes, like hire-to- retire, procure-to-pay, and record-to-report. Application security provides the user login and application roles. Better role design means that your employees day-to-day activities fit within segregated processes. Managing segregation of duties issues is not easy. 

We can help your organization deploy the tools and technologies including Oracle's cloud risk management solutions to help prevent detect and continuously monitor segregation of duties. hours securing the cloud erp framework allows KPMG to design in security and controls right from the start.

Or, if you're already using cloud ERP we can review user role assignments to help identify and remediates segregation of duties violations. So you can put an end to fraud before it happens. Ask kpmg about helping your organization save money and ensure compliance with segregation of duties protection from securing the cloud ERP.