Companies are asked to conceptualize key duties to be segregated regardless of underlying systems; identify system access and functions performing key duties across platforms; and implement controls to enforce proper segregation of duties
through user provisioning and de-provisioning processes, as well as periodic review of the cross-platform segregation of duties
The concept of segregation of duties
ensures that no single person has complete control over a single transaction.
Three objectives of segregation of duties
are as follows:
Proper segregation of duties
is arguably one of the most important facets of strong internal controls.
The focus here will be on such newer approaches to monitoring internal control compliance--specifically, the use of control reports to monitor and improve user access controls and segregation of duties
Initial issues include articles on archiving documents and emails, e-mail consolidation and security, best practices, embedded governance automation approaches, assessing risk fraud, and segregation of duties
and compliant user provisioning.
The purchase and travel card programs lacked written guidance, proper segregation of duties
, and adequate training.
Appendices include the text of SOX, a description of the segregation of duties
, and the answers to the 20 questions needed to determine if a worker is an independent contractor or an employee.
We ensure segregation of duties
, make sure it would take two or more people acting in concert to slip something by.
In most cases, the focus of stronger controls centered on segregation of duties
to ensure that a single person couldn't carry out two ends of a transaction to commit fraud, such as improperly booking sales or approving a payment to a fictitious vendor.
The law is strict on violations of segregation of duties
However, a recent audit of the IT infrastructure of the department by Michigan's Office of the Auditor General found that the "general controls over security, access, program and data changes, segregation of duties
, and service continuity that support mainframe information systems were not effective.