1. Field of the Invention
The present invention generally relates to object-oriented integrated enterprise wide computing applications, and more particularly to an improved analysis application that utilizes a separations-of-duty matrix to determine conflicting business tasks assigned to users of the application. This tool is intended for use by application auditors and businesses who wish to manage separations of duties within their applications.
2. Description of the Related Art
There are many integrated enterprise wide computing applications that are commercially available. One such scheduling application is SAP R/3 available from SAP AG, Waldorf, Germany. Such applications are commonly an integration of business software that include: financial accounting, order management, supply chain management, etc. Such applications are tailored or configured to meet the business needs of each company and manage a business's resources to increase the business's operating efficiency.
Objected orientated applications utilize transactions (sets of instructions) that operate against a set of data (objects) to perform a desired outcome. To gain access to the data in the system, a person must have a user ID and profile: meaning access to the application and a set of transactions and objects which allows usage. The profile contains the transactions and objects which permit access to any specified data in the system.
However, conventional applications do not determine whether a profile can access data that may create a business conflict, such as the ability to procure items and the ability to ship items. Also, conventional applications do not allow customers to analyze separations-of-duty issues within a profile or when multiple profiles are assigned to one user ID. As a result, profiles are created and used with no automated check for conflicting activities. Therefore, it is common for conventional object-oriented applications to incur separations-of-duty conflicts at a transactional level.
As object oriented applications are customized to each company's business requirements, and each business has its own business rules and guidelines, such systems like SAP cannot supply a standard set of transactions and objects which create business conflicts.