Separation of Duties - Application in General Business and In Accounting

The term SoD is already well known in financial accounting systems. Companies of all sizes understand not to combine roles such as receiving checks (payment on account) and approving write-offs, depositing cash and reconciling bank statements, approving time cards and having custody of paychecks, etc. SoD is fairly new to most Information Technology (IT) departments, but a high percentage of Sarbanes-Oxley internal audit issues come from IT.

In information systems, segregation of duties helps reduce the potential damage from the actions of one person. The IS or end-user department should be organized in a way that achieves adequate separation of duties. According to ISACA's Segregation of Duties Control matrix, some duties should not be combined into one position. This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined.

Depending on a company's size, functions and designations may vary. When duties cannot be separated, compensating controls should be in place. Compensating controls are internal controls that are intended to reduce the risk of an existing or potential control weakness. If a single person can carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have been assigned SoD-incompatible duties. There are several control mechanisms that can help to enforce the segregation of duties:

  1. Audit trails enable IT managers or auditors to recreate the actual transaction flow from the point of origination to its existence on an updated file. Good audit trails should be enabled to provide information on who initiated the transaction, the time of day and date of entry, the type of entry, what fields of information it contained, and what files it updated.
  2. Reconciliation of applications and an independent verification process are ultimately the responsibility of users; they can be used to increase the level of confidence that an application ran successfully.
  3. Exception reports are handled at the supervisory level, backed up by evidence noting that exceptions are handled properly and in a timely fashion. A signature of the person who prepares the report is normally required.
  4. Manual or automated system or application transaction logs should be maintained, which record all processed system commands or application transactions.
  5. Supervisory review should be performed through observation and inquiry.
  6. Independent reviews are recommended to compensate for mistakes or intentional failures in following a prescribed procedure. Such reviews can help detect errors and irregularities.
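
The check described above can be automated. The following is an added example, not part of the original page: it flags any person who holds both halves of one of the incompatible pairs named in the text, and marks the finding as compensated only when a compensating control is recorded. The duty identifiers, people, and data layout are assumptions made for illustration.

```python
from itertools import combinations

# Incompatible duty pairs named in the text above (accounting examples).
# The identifier spellings are hypothetical.
INCOMPATIBLE = {
    frozenset({"receive_checks", "approve_write_offs"}),
    frozenset({"deposit_cash", "reconcile_bank_statements"}),
    frozenset({"approve_time_cards", "custody_of_pay_checks"}),
}

def sod_findings(assignments, compensating):
    """Return one finding per person who holds both duties of an incompatible pair.

    assignments:  {person: set of duty names}
    compensating: {(person, frozenset pair): description of the control}
    """
    findings = []
    for person, duties in sorted(assignments.items()):
        for a, b in combinations(sorted(duties), 2):
            pair = frozenset({a, b})
            if pair not in INCOMPATIBLE:
                continue
            control = compensating.get((person, pair))
            findings.append({
                "person": person,
                "duties": (a, b),
                # Combined duties are acceptable only with a recorded control.
                "status": "compensated" if control else "violation",
                "control": control,
            })
    return findings

# Constructed sample data (hypothetical people and assignments).
ASSIGNMENTS = {
    "alice": {"receive_checks", "deposit_cash"},
    "bob": {"deposit_cash", "reconcile_bank_statements"},
    "carol": {"approve_time_cards", "custody_of_pay_checks", "receive_checks"},
}
COMPENSATING = {
    ("bob", frozenset({"deposit_cash", "reconcile_bank_statements"})):
        "independent review of monthly reconciliation",
}

if __name__ == "__main__":
    for f in sod_findings(ASSIGNMENTS, COMPENSATING):
        print(f["person"], f["duties"], f["status"], f["control"] or "-")
```
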
