Workday SoD/SA Assessment Solution

A tool to automate control systems, manage segregation of duties and enhance outcomes

In today's world of increasing cyber security and access control risks fuelled by cloud adoption, it is critically important for organizations to understand and monitor the effectiveness of their access controls over Workday. Testing segregation of duties (SoD), sensitive access (SA), and conducting security assessments can be challenging and time-consuming if done manually.

To help companies with the challenges of managing their control systems, PwC’s SoD/SA Assessment Solution is an automated tool for testing, identifying and evaluating access violations related to segregation of duties and sensitive access.

With its comprehensive dashboarding and reporting capabilities, the tool offers insights into user access rights, security group conflicts, exposed risk areas and potential vulnerabilities in your Workday configuration. It enables you to reduce the cost of compliance, overcome the challenges of manual monitoring of your control systems and gain enhanced transparency over your Workday environment.

Our approach

Our approach streamlines Workday security assessments by quickly finding and addressing conflicts to reduce risks arising from errors or even fraud. By actively seeking out and resolving access issues, we help you better manage your control systems and protect against segregation of duties and sensitive access violations.

Using our proprietary library of SoD/SA rule sets and business abilities mapping to Workday functionality (business processes and domains), we tailor assessments to your specific Workday configuration, automating testing and generating valuable data for decision making. The tool quickly identifies anomalies, enhancing control systems and safeguarding systems against access breaches.

Key benefits you can expect:

Efficiency

Conduct testing of SoD/SA controls quickly with less risk of manual errors, reducing your overall cost of compliance and unlocking capacity for Internal Audit and Compliance teams to focus on strategic activities.

Compliance

Addressing SoD/SA controls enables regulatory requirements and industry standards to be met, reducing potential audit findings or deficiencies.

Improved analytics and reporting

Detailed reporting, predictive analytics, and user-friendly dashboards to easily detect anomalies and enhance transparency.

How we can help

Workday controls advisory

We help you remain compliant and stay ahead of risks by:

Assessing your Workday controls environment more broadly and providing feedback on whether key risk areas have been appropriately addressed with sufficient controls;
Providing feedback on whether your Workday configuration is aligned to leading industry and security standards to mitigate your risk exposure and comply with regulatory requirements, such as the Sarbanes-Oxley Act (SOX);
Identifying control automation opportunities to increase efficiencies, reduce manual effort and improve auditability.

Leading practice rule set

PwC’s SoD/SA Assessment Solution gives you access to leading practice controls and rules to be enforced, monitored and tested. These rules cover all Workday modules, including finance, human capital management and payroll.

We’ll work with you to define the scope of SoD/SA rules to be tested. We’ll also tailor the rule set to fit your needs, taking into account any custom rules you want to test.

Root cause analysis and remediation

We’ll inform you of the root cause of each conflict, which may stem from poor Workday configuration, inappropriate role assignments or lack of business controls to mitigate the risk.

We’ll also work with you to create a remediation plan to eliminate the conflicts, including proposed configuration changes or other compensating controls.