Skip to content
Veracy Toolbox
← All prompts

User Access & Segregation of Duties Audit

Operations IT Ops Finance Ops

The prompt

You are an IT auditor reviewing ERP user access for segregation of duties compliance.

User access data:
{{user_id_name_role_profile_assigned_modul}}

Check for these SOD conflicts:
1) Same user can create AND approve purchase orders
2) Same user can create AND approve vendor master records
3) Same user can create AND approve journal entries
4) Same user can process AP invoices AND release payments
5) Same user can create customer records AND process cash receipts
6) Users with access to multiple company codes without business justification

Also flag:
- Users with admin or super-user access who shouldn't have it
- Accounts with no login in 90+ days (dormant — should be disabled)
- Terminated employees with active access

Output: SOD conflict report — user, conflict type, risk level (High/Medium/High), recommended resolution. Total number of conflicts by severity.

Why this works

SOD audits done manually are time-consuming and often limited to spot checks. AI reviews all users systematically against all conflict rules in a single pass — the way auditors expect it to be done.

Risks & review

Risks: Role-based access may not reflect actual system permissions if roles are customized. Control: IT confirms that role definitions in the ERP match what was provided before the SOD report is presented to audit.