2 min read

The segregation of duties-problem in Infor M3 – and how to fix it

Picture of Jon Marius Roald Jon Marius Roald Mar 31, 2025 2:26:12 PM

Infor M3 Security compliance
The segregation of duties-problem in Infor M3 – and how to fix it

Auditing Infor M3 users’ roles for conflicts of interests can feel like solving a 5.000-piece puzzle without a picture to guide you. This cloud product shows you a way out of the dark.

 

Frustrating as it may be, conducting a segregation of duties (SOD) analysis is crucial to prove compliance in Infor M3. Especially when audit season comes around, or worse – if you have a security incident. You’ll wish you had done it yesterday.

 

Why you can’t ignore it

For starters, auditors demand proof that duties are properly segregated, and you’ll risk failed audits and fines of you can’t prove compliance. But SOD is for your own safety, too. It keeps you safe from fraud happening in your company.

So why are people skipping it?

– Well, mainly because it is difficult and extremely time consuming, says Martin Hilmersson of Vince, who has decades of compliance experience.

– First, you have to go through all the M3 functions and decide which ones are in conflict with each other. Then, you have to go through all your users and see if anyone have roles including conflicting functions. I've seen companies wrestle with SOD spreadsheets for days and weeks on end.

Well, had to be done manually. There are ways to make the pain go away.

 

What is a SOD analysis?

A SOD analysis means making sure none of your ERP users have permissions to both carry out and approve the same critical task. It’s your best defense against fraud and error.

For example, if one person can both create a vendor and approve payments, they could administer payouts to a fake supplier.

 

How to skip the manual work

Cutting down on the manual work needed in today’s SOD-analyses will remove much of the frustration, too. According to Hilmersson, if you remove the manual work, you can perform analysis much faster and reduce the probability of error drastically.

The Vince Segregation of duties module for Infor M3 does just that, he explains:

– First of all, our cloud-based SOD-module comes with pre-configured SOD rules that you can put to use right away. They are tested by many of our customers, so you sleep well knowing you haven’t missed a critical gap in your permissions.

– Then you just run the analysis with the push of a button, and get the result in a matter of seconds.

 

"We’ve seen companies wrestle with segregation of duties spreadsheets for days and weeks on end"

 

Everything in one place

One of the big perks with the Vince SOD module, explains Hilmersson, is getting everything in one, tidy interface instead of juggling multiple windows and spreadsheets.

– You define the rules, run the analysis, get the results and resolve any violations right there in your SOD workspace.

– Fewer late nights, fewer spreadsheets, fewer mistakes and less frustration. Just a efficient and foolproof method of keeping your M3 environment safe – that’s what we offer, says Hilmersson.

 

Curious to see how it works?

Click below to see how easy you can get on top of compliance.

Segregation of Duties for Infor M3