{"id":11304,"date":"2017-06-22T13:00:00","date_gmt":"2017-06-22T13:00:00","guid":{"rendered":"https:\/\/zapliance.com\/?p=11304"},"modified":"2022-08-26T14:01:17","modified_gmt":"2022-08-26T14:01:17","slug":"5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them","status":"publish","type":"post","link":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/","title":{"rendered":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them"},"content":{"rendered":"\n<p>Avoiding and analyzing conflicts of SoD is not easy without third-party tools. That\u2019s why we present an approach you can use to analyze conflicts in SoD without using one of them like&nbsp;<a href=\"https:\/\/zapliance.com\/zap-audit?lang=en\">zap Audit<\/a>. Everything you need to perform the analyses can be found in a standard SAP system. We will set out the approach to adopt for 5 critical SoD conflicts you should prevent in your company.<\/p>\n\n\n\n<p>Duties within an organization are segregated (Segregation of Duties, SoD) to prevent the abuse of critical combinations of operations within a process. The authorization management of a company implements preventive measures to avoid criminal activities by single users. In order to provide these preventive measures against criminal activities, the SoD conflicts have to be identified in the first place. To be able to take these measures, it is necessary to perform an analysis. There are two different approaches to doing this: the proactive approach, which targets analyzing the authorization objects assigned to a user and the reactive approach which detects business transactions which have occurred. Conflicts in SoD appear in various areas of a company, e.g. in the area of Order to Cash (O2C) or Purchase to Pay (P2P).<\/p>\n\n\n\n<p>If a single person performs a combination of critical activities within a process sequence, this is referred to as a conflict of SoD. This means there is a possibility a person did not act in the interests of the company. Conflicts indicate the possibility of several criminal activities being combined. Of course, not every single conflict implies illegal activities on the part of a user. If illegal activities have however indeed occurred within the company, a SoD conflict may very well serve as an indicator of this \u2013 considered in the context of the entire set of rules.<\/p>\n\n\n\n<p>In order to detect SoD conflicts, both conflicting activities have to have been executed by one single user. Illegal activities that were executed by more than one user, e.g. in cooperation between two or more employees, are not taken into consideration here.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5 critical Conflicts of SoD<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">P2P: Vendor Master Data Maintenance + Vendor Master Data Confirmation<\/h3>\n\n\n\n<p>Users can create and change vendor master data without having to observe the four-eyes principle. Fictitious vendors can be created or bank account information can be changed to redirect payments to a different account. As a compensatory control, the \u201cMaster Data Change Protocol\u201d should be checked before every payment run. You can examine the protocol using the transaction \u201cFK04\u201c. It is necessary to check if the same user has maintained the Master Data and confirmed the change to it. This check should be carried out by a person who does not have authorization to maintain Master Data.<\/p>\n\n\n\n<p>The information about which user created what Master Data is provided in the \u201cLFB1\u201d table. The confirmations of changes to master data are stored in the \u201cCDHDR\u201c table. Restrict the data to the transaction code \u201cFK08\u201d and you will obtain all confirmations with the associated user. By executing the transaction \u201cSQVI\u201c, you can join together both tables for the user. Users who executed both activities are displayed as a result. It is not possible to analyze if a user confirmed the same Master Data that he changed in the \u201cQuick Viewer\u201d. Additional ABAP programming has to be done due to a field type incompatibility for the vendor number in both tables.<\/p>\n\n\n\n<p>List fld. selection:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>LFB1 \u2013 Name of Person who Created the Object<\/li><li>LFB1 \u2013 Account Number of Vendor or Creditor<\/li><li>CDHDR \u2013 Transaction in which a change was made<\/li><li>CDHDR \u2013 User name of the person responsible in change document<\/li><li>CDHDR \u2013 Object class<\/li><li>CDHDR \u2013 Object Value<\/li><\/ul>\n\n\n\n<p>The result shows you whether the four-eyes principle has been sidestepped by any user.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">P2P: Purchase Order Maintenance + Purchase Order Release<\/h3>\n\n\n\n<p>Users could possibly create, change and simultaneously release purchase orders. An effective four-eyes-principle should be implemented for the purchase order process. The combination of both authorizations, that is for the maintenance of the purchase order and for its release, might lead to the issuing of unauthorized purchase orders.<\/p>\n\n\n\n<p>Details of which user created which purchase order are provided in the \u201cEKKO\u201c table. Each purchase order is linked to the user who posted it.<\/p>\n\n\n\n<p>You can find the associated change documents in the \u201cCDHDR\u201c table. Orders can be released by executing one of the following transactions: \u201cME28\u201d, \u201cME29\u201d, \u201cE29N\u201d. To obtain these particular results, restrict the data from the \u201cCDHDR\u201c table to the aforementioned transactions. The result obtained contains all purchase order releases for the corresponding user.<\/p>\n\n\n\n<p>In order to identify a conflict, you can first check if a user has created and confirmed any purchase order. If there is no overlap of users in both tables, there is no conflict of SoD. To take the analysis further, you can once gain use the Quick Viewer transaction \u201cSQVI\u201c and join the tables together with the following restrictions: Table: \u201cEKKO\u201d technical Name \u201cERNAM\u201d with Table: \u201cCDHDR\u201d technical name \u201cUSERNAME\u201d (see Figure 1). Restrict the results from the \u201cCDHDR\u201c table to purchase order release transactions. Select the purchasing document&nbsp;number with the corresponding user and the object value with the corresponding user from the \u201cCDHDR\u201d table. Due to the different object types of the purchasing document number and object value, it is not possible to join both tables for these fields without additional ABAP code. The only way to get the results required is a manual analysis.<\/p>\n\n\n\n<p>List fld. selection:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EKKO \u2013 Name of Person who Created the Object<\/li><li>EKKO \u2013 Purchasing Document Number<\/li><li>CDHDR \u2013 Transaction in which a change was made<\/li><li>CDHDR \u2013 User name of the person responsible in change document<\/li><li>CDHDR \u2013 Object class<\/li><li>CDHDR \u2013 Object Value<\/li><\/ul>\n\n\n\n<p>The result shows the users who executed both activities. To take the analysis further, you can compare the purchase document number from the \u201cEKKO\u201d table with the object value from the \u201cCDHDR\u201d table. If both values are equal, the corresponding user released his own purchase order: a conflict in the segregation of duties exists.<\/p>\n\n\n\n<p>Comparing the purchase order IDs from both tables with big datasets is very time-consuming. Our advice: Export the result as a .csv file and import the data into e.g. Excel. Filter the data to show only purchasing documents with an equal object value. The SoD results are restricted to the creation of purchase orders. Changes are not taken into account because they are stored in the same \u201cCDHDR\u201d table with the corresponding transactions \u201cME22\/ME22N\u201d as the releases. The Quick Viewer does not allow a single table to be used multiple times so it is not possible to analyze purchase order changes and releases without ABAP programming.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/zapliance.com\/wp-content\/uploads\/Table-join-EKKO-CDHDR-SoD-1.png\" alt=\"\" class=\"wp-image-7289\"\/><\/figure>\n\n\n\n<p>Figure 1: Table join EKKO \u2013 CDHDR for SoD analysis<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">P2P: Purchase Order Maintenance + Goods Receipt Posting<\/h3>\n\n\n\n<p>In this conflict, users can maintain purchase orders and simultaneously post a fictitious goods receipt. It is conceivable that an agreement between the vendor and an employee may have been reached. Users could create a purchase order and subsequently fake the receipt of goods.<\/p>\n\n\n\n<p>Purchase orders with the corresponding users can be found in the \u201cEKKO\u201c table in the \u201cERNAM\u201d field. You can find the user responsible for posting the goods receipt in the \u201cMKPF\u201d table in the \u201cUSNAM\u201d field. It is necessary to check if users created a purchase order and also posted the goods receipt.<\/p>\n\n\n\n<p>Use the \u201cSQVI\u201c transaction to join both tables together for the User. (Table: EKKO Field: ERNAM equals Table: MKPF Field: USNAM). The result contains all users who performed both activities. Because of the different datatypes, you can only check whether the purchase order matches the corresponding goods receipt manually. We recommend that you export the data because of the large volumes of data involved.<\/p>\n\n\n\n<p>Purchase orders are generally only audited above a certain amount and value. If the SoD conditions are not being properly met, cases of fraud then become possible up to a certain threshold. The authorizations for the transactions \u201cME21\u201c, \u201cME21N\u201c, \u201cME22\u201c and \u201cME25\u201c, combined with the authorizations for \u201cMB01\u201c, \u201cMB0A\u201c, \u201cMB1A\u201c or \u201cMIGO\u201c, are critical because users can then issue both purchase orders and goods receipts.<\/p>\n\n\n\n<p>List fld. selection:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EKKO \u2013 Name of Person who Created the Object<\/li><li>EKKO \u2013 Purchasing Document Number<\/li><li>EKKO \u2013 Company Code<\/li><li>MKPF \u2013 User name<\/li><li>MKPF \u2013 Transaction Code<\/li><li>MKPF \u2013 Reference Document Number<\/li><\/ul>\n\n\n\n<p>The analysis includes only the conflicts resulting from creating a purchase order, not changing it. An extension of this that also takes changes in purchase orders into consideration is difficult to build since the whole Change Log has to be included in the analysis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">O2C: Customer Master Data Maintenance + Entry of\/Changes to Sales Orders<\/h3>\n\n\n\n<p>Wide-ranging authorizations of a single user in the order-to-cash area can also lead to conflicts of interest: Users with the authorizations to maintain customer master data and sales orders could create fictitious customers with fake bank information. There is a possibility to show a credit and subsequently redirect payments to one\u2019s own account.<\/p>\n\n\n\n<p>Customer Master Data is stored in the table \u201cKNA1\u201c. In order to create or change customer master data, the transactions \u201cFD01\u201d, \u201dFD02\u201d, \u201cXD01\u201d or \u201cXD02\u201d are performed. The \u201cVBAK\u201d table contains all sales orders. Sales orders can be created by using the transactions \u201cVA01\u201d or \u201cVA02\u201d.<\/p>\n\n\n\n<p>To perform the analysis, join both tables together using the \u201cSQVI\u201c transaction on the user (Table: KNA1 Field: ERNAM and Table: VBAK Field: ERNAM). Additionally join the customer from both tables (Table: KNA1 Field: KUNNR and Table: VBAK Field: KUNNR) (see Figure 2).<\/p>\n\n\n\n<p>The result contains the users who created a sales order and the corresponding customer.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/zapliance.com\/wp-content\/uploads\/Table-join-KNA1-VBAK-SoD-1.png\" alt=\"\" class=\"wp-image-7291\"\/><\/figure>\n\n\n\n<p>Figure 2: Table join KNA1 \u2013 VBAK for SoD analysis<\/p>\n\n\n\n<p>List fld. selection:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>KNA1 \u2013 Name of Person who Created the Object<\/li><li>KNA1 \u2013 Customer Number<\/li><li>VBAK \u2013 Sold-to party<\/li><li>VBAK \u2013 Name of Person who Created the Object<\/li><\/ul>\n\n\n\n<p>As in the other case, this analysis is limited to creations and not changes of customer master data, since otherwise the whole change log would have to be included (see conflicts 1-3).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">P2P: Purchase Order Maintenance + Payment Run Execution<\/h3>\n\n\n\n<p>Another conflict in SoD may occur due to the combination of purchase order maintenance and the execution of payment runs. When performing the \u201cMIRO\u201d transaction, e.g. the bank data of the one-time vendor can be changed. If users are also authorized to execute payment runs, this may lead to unapproved invoices being paid unnoticed by the company.<\/p>\n\n\n\n<p>Executing the \u201cMIRO\u201d (Invoice posting) or \u201cFB01\u201d (GL posting) transactions and simultaneously executing payment runs with e.g. transaction \u201cF110\u201d is another indicator of a possible SoD conflict.<\/p>\n\n\n\n<p>The \u201cBKPF\u201d table shows, amongst other things, the vendor invoices created with the transactions \u201cMIRO\u201d and \u201cFB01\u201d. The clearing documents for the vendor statements can be found in the \u201cBSEG\u201d (Accounting document segment) table. However, since no transaction codes are listed in the \u201cBSEG\u201d table, the transaction codes for the clearing documents must be exported from the \u201cBKPF\u201d table in a second step.<\/p>\n\n\n\n<p>First, link the \u201cBKPF\u201d and \u201cBSEG\u201d tables together using the accounting document numbers (BELNR), the company code (BUKRS) and the fiscal year (GJAHR). Use the selection fields to restrict the result to the transactions \u201cFB01\u201d and \u201cMIRO\u201d. Then export the result, e.g. to Excel. Unfortunately there is no other way of joining&nbsp;<\/p>\n\n\n\n<p>As a second step, you have to export a selection from the \u201cBKPF\u201d table, limited to the TCODE \u201cF110\u201d via transaction \u201cSE16N\u201d. Only the technical fields BELNR, BUKRS, GJAHR, USNAM and TCODE are required for the purposes of the analysis. Then, you connect the first export using the fields 1.BSEG.AUGBL, BSEG.AUGGJ and 1.BSEG.BUKRS with the second result 2.BKPF.BELNR, BKPF.GJAHR and 2.BKPF.BUKRS.<\/p>\n\n\n\n<p>List fld. selection:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>BKPF \u2013 Accounting Document Number<\/li><li>BKPF \u2013 Company Code<\/li><li>BKPF \u2013 User name<\/li><li>BKPF \u2013 Transaction Code<\/li><li>BSEG \u2013&nbsp;Document Number of the Clearing Document<\/li><li>BSEG \u2013&nbsp;Fiscal Year of Clearing Document<\/li><\/ul>\n\n\n\n<p>If the \u201cUSNAM\u201d field has the same value in both fields of the new result table, a SoD conflict is present and the user has executed two activities: posting of the invoice and triggering of the payment run.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>In certain cases, it is either difficult or impossible to evaluate SoD conflicts without ABAP programming or third-party tools. At no point was possible it to detect SoD conflicts triggered by changes to data for instance. This leads to incomplete results. However, many cases can still be identified and this constitutes a good initial step in the direction of a clean and conflict-free system with regard to SoD.<\/p>\n\n\n\n<p>Manual auditing of SOD conflicts comes up against a large number of restrictions. If an obligatory SOD has been identified, then it is only possible in a very minimal number of cases to determine whether it has actually taken place in the same process sequence and thus constitutes a determined finding for the purposes of the audit. As a result, zap Audit is the perfect solution as it allows you to conduct an analysis of segregation of duties based on transaction codes and actual conflicts. The integrated mining of financial processes reconstructs entire process sequences and serves as the basis for the analysis. This not only eliminates restrictions, but also efficiently reduces false positives. This article presents only one of 125 audit questions from zap audit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Avoiding and analyzing conflicts of SoD is not easy without third-party tools. That\u2019s why we present an approach you can use to analyze conflicts in SoD without using one of them like&nbsp;zap Audit. Everything you need to perform the analyses can be found in a standard SAP system. We will set out the approach to [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":10699,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[38,37,40],"tags":[],"class_list":["post-11304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-en-audit","category-en-compliance","category-en-finance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance\" \/>\n<meta property=\"og:description\" content=\"Avoiding and analyzing conflicts of SoD is not easy without third-party tools. That\u2019s why we present an approach you can use to analyze conflicts in SoD without using one of them like&nbsp;zap Audit. Everything you need to perform the analyses can be found in a standard SAP system. We will set out the approach to [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\" \/>\n<meta property=\"og:site_name\" content=\"zapliance\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-22T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-26T14:01:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"962\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Lukas Mueller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lukas Mueller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\"},\"author\":{\"name\":\"Lukas Mueller\",\"@id\":\"https:\/\/zapliance.com\/en\/#\/schema\/person\/4bfb4eaf0d67e7fc1ffc588d319cd7e3\"},\"headline\":\"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them\",\"datePublished\":\"2017-06-22T13:00:00+00:00\",\"dateModified\":\"2022-08-26T14:01:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\"},\"wordCount\":2208,\"publisher\":{\"@id\":\"https:\/\/zapliance.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png\",\"articleSection\":[\"Audit\",\"Compliance\",\"Finance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\",\"url\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\",\"name\":\"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance\",\"isPartOf\":{\"@id\":\"https:\/\/zapliance.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png\",\"datePublished\":\"2017-06-22T13:00:00+00:00\",\"dateModified\":\"2022-08-26T14:01:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage\",\"url\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png\",\"contentUrl\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png\",\"width\":2400,\"height\":962},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/zapliance.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/zapliance.com\/en\/#website\",\"url\":\"https:\/\/zapliance.com\/en\/\",\"name\":\"zapliance\",\"description\":\"Be the agent of change\",\"publisher\":{\"@id\":\"https:\/\/zapliance.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/zapliance.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/zapliance.com\/en\/#organization\",\"name\":\"zapliance\",\"url\":\"https:\/\/zapliance.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg\",\"contentUrl\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg\",\"width\":200,\"height\":45,\"caption\":\"zapliance\"},\"image\":{\"@id\":\"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/zapliance.com\/en\/#\/schema\/person\/4bfb4eaf0d67e7fc1ffc588d319cd7e3\",\"name\":\"Lukas Mueller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/zapliance.com\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/avatar_user_12_1661960923-96x96.jpg\",\"contentUrl\":\"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/avatar_user_12_1661960923-96x96.jpg\",\"caption\":\"Lukas Mueller\"},\"url\":\"https:\/\/zapliance.com\/en\/blog\/author\/lukas-mueller\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/","og_locale":"en_US","og_type":"article","og_title":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance","og_description":"Avoiding and analyzing conflicts of SoD is not easy without third-party tools. That\u2019s why we present an approach you can use to analyze conflicts in SoD without using one of them like&nbsp;zap Audit. Everything you need to perform the analyses can be found in a standard SAP system. We will set out the approach to [&hellip;]","og_url":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/","og_site_name":"zapliance","article_published_time":"2017-06-22T13:00:00+00:00","article_modified_time":"2022-08-26T14:01:17+00:00","og_image":[{"width":2400,"height":962,"url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","type":"image\/png"}],"author":"Lukas Mueller","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lukas Mueller","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#article","isPartOf":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/"},"author":{"name":"Lukas Mueller","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/4bfb4eaf0d67e7fc1ffc588d319cd7e3"},"headline":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them","datePublished":"2017-06-22T13:00:00+00:00","dateModified":"2022-08-26T14:01:17+00:00","mainEntityOfPage":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/"},"wordCount":2208,"publisher":{"@id":"https:\/\/zapliance.com\/en\/#organization"},"image":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage"},"thumbnailUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","articleSection":["Audit","Compliance","Finance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/","url":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/","name":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them - zapliance","isPartOf":{"@id":"https:\/\/zapliance.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage"},"image":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage"},"thumbnailUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","datePublished":"2017-06-22T13:00:00+00:00","dateModified":"2022-08-26T14:01:17+00:00","breadcrumb":{"@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#primaryimage","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","width":2400,"height":962},{"@type":"BreadcrumbList","@id":"https:\/\/zapliance.com\/en\/blog\/5-critical-conflicts-of-sod-you-should-avoid-and-how-to-detect-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/zapliance.com\/en\/"},{"@type":"ListItem","position":2,"name":"5 critical Conflicts of SoD you should avoid \u2013 and how to detect them"}]},{"@type":"WebSite","@id":"https:\/\/zapliance.com\/en\/#website","url":"https:\/\/zapliance.com\/en\/","name":"zapliance","description":"Be the agent of change","publisher":{"@id":"https:\/\/zapliance.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zapliance.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zapliance.com\/en\/#organization","name":"zapliance","url":"https:\/\/zapliance.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg","width":200,"height":45,"caption":"zapliance"},"image":{"@id":"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/4bfb4eaf0d67e7fc1ffc588d319cd7e3","name":"Lukas Mueller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/avatar_user_12_1661960923-96x96.jpg","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/avatar_user_12_1661960923-96x96.jpg","caption":"Lukas Mueller"},"url":"https:\/\/zapliance.com\/en\/blog\/author\/lukas-mueller\/"}]}},"views":16136,"_links":{"self":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/comments?post=11304"}],"version-history":[{"count":1,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11304\/revisions"}],"predecessor-version":[{"id":11305,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11304\/revisions\/11305"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/media\/10699"}],"wp:attachment":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/media?parent=11304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/categories?post=11304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/tags?post=11304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}