User Access & Segregation of Duties Audit Prompt
Prompt
You are an IT auditor reviewing ERP user access for segregation of duties compliance.

User access data: [PASTE: User ID | Name | Role/profile assigned | Modules accessible | Last login date | Department]

Check for these SOD conflicts:
1) Same user can create AND approve purchase orders
2) Same user can create AND approve vendor master records
3) Same user can create AND approve journal entries
4) Same user can process AP invoices AND release payments
5) Same user can create customer records AND process cash receipts
6) Users with access to multiple company codes without business justification

Also flag:
- Users with admin or super-user access who shouldn't have it
- Accounts with no login in 90+ days (dormant — should be disabled)
- Terminated employees with active access

Output: SOD conflict report — user, conflict type, risk level (High/Medium/Low), recommended resolution. Total number of conflicts by severity.
Why it works
SOD audits done manually are time-consuming and often limited to spot checks. AI reviews all users systematically against all conflict rules in a single pass — the way auditors expect it to be done.
Watch out for
Risks: Role-based access may not reflect actual system permissions if roles are customized. Control: IT confirms that role definitions in the ERP match what was provided before the SOD report is presented to audit.
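A deterministic cross-check of the AI's report, as an added example that is not part of the original prompt: it expands each user's roles into permissions and applies conflict rules 1-5 plus the dormant and terminated checks, so a conflict that only appears when two roles are combined is still caught. The role names, permission identifiers, ISO date format, `;` role separator and sample rows are all assumptions constructed for illustration.

```python
import csv, io
from datetime import date

# Hypothetical role definitions; per the control above, IT must confirm they match the ERP.
ROLE_PERMS = {
    "BUYER": {"po.create"},
    "PO_APPROVER": {"po.approve"},
    "AP_CLERK": {"ap.invoice", "ap.pay"},
    "GL_ACCT": {"je.create"},
}
# Conflict rules 1-5 from the prompt, expressed as pairs of (hypothetical) permissions.
SOD_RULES = [
    ("po.create", "po.approve", "Create and approve purchase orders"),
    ("vendor.create", "vendor.approve", "Create and approve vendor master records"),
    ("je.create", "je.approve", "Create and approve journal entries"),
    ("ap.invoice", "ap.pay", "Process AP invoices and release payments"),
    ("customer.create", "cash.receipt", "Create customer records and process cash receipts"),
]
# Constructed sample rows in the prompt's column order; multiple roles separated by ';'.
SAMPLE = """
U001 | Ana Ruiz | BUYER;PO_APPROVER | Purchasing | 2024-05-28 | Procurement
U002 | Ben Cho | AP_CLERK | Accounts Payable | 2024-01-10 | Finance
U003 | Cy Dole | GL_ACCT | General Ledger | 2024-05-30 | Finance
U004 | Di Evans | CUSTOM_Z | Purchasing | 2024-05-30 | Procurement
"""
AS_OF = date(2024, 6, 1)  # constructed audit date

def audit(rows_text, today, terminated=frozenset(), dormant_days=90):
    """Return (user_id, finding) tuples for every rule hit."""
    findings = []
    for row in csv.reader(io.StringIO(rows_text.strip()), delimiter="|"):
        uid, _name, roles, _modules, last_login, _dept = [f.strip() for f in row]
        perms = set()
        for role in (r.strip() for r in roles.split(";")):
            if role not in ROLE_PERMS:  # customized or undocumented role
                findings.append((uid, f"Unknown role {role}: permissions unverified"))
            perms |= ROLE_PERMS.get(role, set())
        for a, b, label in SOD_RULES:  # conflict may span several roles
            if a in perms and b in perms:
                findings.append((uid, label))
        if (today - date.fromisoformat(last_login)).days >= dormant_days:
            findings.append((uid, "Dormant account (no login in 90+ days)"))
        if uid in terminated:
            findings.append((uid, "Terminated employee with active access"))
    return findings

if __name__ == "__main__":
    for uid, finding in audit(SAMPLE, AS_OF, terminated={"U002"}):
        print(uid, "|", finding)
```

Rule 6 (multiple company codes) is not covered because the pasted columns carry no company-code field; the terminated list would come from HR.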
Used by
IT & Ops Teams, Finance Teams