When any one person in your organization has access to too many systems, you could have problems proving that your systems are safe from fraud when it is time for audits.
The SoD Administrator should be a business owner who understands the appropriate access levels for individuals in your company. By creating policies to keep any one person from having too much responsibility, the SoD Administrator enables Identity Governance to identify users with access to company assets that should be reviewed. Having these SoD policies puts access control rules over your business systems to give you the ability to show auditors the automated protection that Identity Governance provides.
When you have active SoD policies, Identity Governance provides the ability to check for violations and warns of violations when executing actions such as performing reviews, defining roles, requesting access, approving access, or examining manual fulfillment requests.
Based on your SoD policies, Identity Governance not only enables you to identify SoD violations in your current data, it also enables you to detect SoD violations that might occur in the future if a set of access requests is fulfilled. When Identity Governance detects potential SoD violations, it lists the violations on the Access Request > Approvals > SoD Violations page if approvals are required. The SoD Administrator or policy owners review the requests to determine whether to resolve or approve the violation. If, based on the global potential SoD violation approval policy or a specific SoD policy, potential violations do not require approvals, Identity Governance sends the requests directly to fulfillment.
For any actual violations of the policies, Identity Governance creates cases and lists them on the Policy > Violations page. The SoD Administrator or policy owners review the cases to determine whether to resolve or approve the violation.
The SoD cases are similar to the standard review process. Instead of a review definition running on a regular schedule, SoD policies run as long as they are active and continuously create cases for violations. For more information about reviews, see Section 23.2, Understanding the Review Process. For more information about SoD violations, SoD cases, and potential SoD violations, see Section 19.0, Managing Separation of Duties Violations.