Microsoft Dynamics vendors provide comparisons and opinions to professionals in the ERP/Accounting software selection process


Fastpath Team

Increased Security with Fastpath Assure

Email | Print

SoD (Segregation of Duties, or Separation of Duties) is a security measure that involves requiring the input of more than one person in completing a task. This internal control is designed to prevent error and fraud. In politics, it is referred to as the separation of powers.

Dynamics AX 2012/Dynamics 365 for Finance and Operations (D365FO) has an out-of-the-box feature that allows you to set up segregation of duties (SoD). Fastpath Assure provides additional features.

So, how does Microsoft Dynamics AX/D365FO’s SoD feature compare to that offered by FastPath?

SoD Analysis at Duty Level vs. Object Level

In Dynamics AX/D365FO, SoD rules come into play at the duty level on the role, duty, privilege security scale. An individual user with access to two duties on the same level would constitute an SoD conflict.

Performing SoD analysis at the duty level introduces such problems as leaving loopholes, allowing rules to be circumvented. Or, false positives or negatives could be generated when security changes are made. This means constant reanalysis of security rules. SoD must be repeatedly reviewed after each change at the duty or privilege level and can quickly become unmanageable

At Fastpath, we take another approach. We review and administer SoD at a functional/object level. A business process is a series of objects that allows a user (or role) to perform a task. In Dynamics AX/D365FO, these business processes would be made up of menu items, data entities, tables, services operations, etc., that allow a user to edit a particular business area. We analyze these business processes to identify SoD conflicts.

When you perform a Segregation of Duties analysis at the object level, rather than at the duty level, there is no way to sidestep the rules, and you eliminate the risk of false positives or false negatives when security changes are made.

It doesn’t matter what changes you make to roles, duties, or privileges. Fastpath Assure processes all those changes and extracts what objects or processes each user or role has access to. That is the information used in the Segregation of Duties analysis.

Auditors looking for greater detail in function/object SoD, rather than duty-based SoD analysis are coming to rely on the increased security of Fastpath’s application: Fastpath Assure.


There are no rulesets available with Dynamics AX/D365FO, so customers must construct their own rulesets from the ground up. They have to identify and build their own rules one by one. Within Fastpath Assure®, there are almost 100 rules that come with the application. These rules have been developed by our internal audit team and audit partners over the past 14 years, to provide a cross-industry best-practice ruleset based on ISACA principals and COSO framework. Importantly, Fastpath Assure’s ruleset is the same as that used adopted by many of the world’s leading accounting firms to support audit testing around SoD for their clients.

Customizable SoD Ruleset

The Separation of Duties ruleset in Fastpath Assure can be modified at the business process level, allowing it to be customized to your business requirements. It’s very flexible. The platform also allows for more than two business processes to be in conflict if that is the way you have set it up.

No two businesses are exactly the same in their design and use of internal controls, so flexibility is an important feature.

User and Role Conflict Reporting

Dynamics AX/D365FO has an SoD conflict report, which can only be produced at the user level. You must identify existing conflicts and manually mitigate them and document the mitigation for each entry. Since most businesses have some level of conflict, the mitigation and documentation process can be costly in terms of time and resources. Additionally, without the ability to automatically schedule these types of reports for review, the process to review conflicts becomes labor intensive and fraught with risk. And because the review is taking place only at the user level, reporting will be incomplete.

With Fastpath Assure, you have detailed conflict reporting at both a user and role level, allowing your reports to be complete. The level of detail provided will be invaluable should an auditor need details about a conflict.

At the user conflict level, mitigations can be applied using a built-in control library that can be customized by users. Multiple mitigations can be applied and documented. Auditors can see a control library, and time is not wasted with manual documentation.

Fastpath Assure offers additional features

Fastpath Assure also offers signature log report signoff. Each report can be generated and signed, identifying the users, date, time, and notes. These reports are valuable to auditors. Reports can be scheduled for periodic delivery to users’ mailboxes in various file formats such as XLSX, PDF, or CSV.

Fastpath Assure’s access certifications allow scheduling of periodic and speedy reviews of all SoD conflicts with documentation to show that they have been completed.

Fastpath Assure is a cloud based, cross platform tool designed to manage security and compliance within and across your business software. It has an intuitive design with easy to read and understand reports for faster and more efficient auditing.

Fastpath Assure’s additional features that do not exist within the native Dynamics AX/D365FO functionality and that allow you to increase the effectiveness and security of your Dynamics AX/D365FO environment.

If you're interested in learning more about how Fastpath Assure can help with Dynamics AX/D365FO security, visit our resources for AX/D365FO or contact our experts at Fastpath.

By Fastpath,

Ask This Expert a Question / Leave a Comment