Access control evaluation in an ERP is a complex exercise and requires good skills with the particular ERP. Many ERPs use the concept of roles, assigning standard authorizations to the roles and attaching the roles to
users as per their job descriptions and duties required to be performed. Each role properties and the users defined for each role will be verified during the audit