What are some common examples of Segregation of Duties

What are some common examples of Segregation of Duties?

What are some common examples of Segregation of Duties?

What are some common examples of Segregation of Duties?

Segregation of Duties is an essential internal control in any organisation designed to prevent fraud and error. It’s an elementary component of any internal control system. This internal control ensures that more than one person is required to complete the various tasks required to complete a business process.

In other words, no one person should be responsible for any single task. For example, one person can place an order but another must record the transaction of this order. We can say that Segregation of Duties controls implement an appropriate level of checks and balances upon the activities of individuals.

In an ideal situation, more than one person should manage a function. An employee with multiple functional roles within an organisation can abuse the power they are given hence the need for Segregation of Duties controls. No organisation should underestimate the importance of SoD.

It’s an important control in order to achieve an effective risk management strategy. Implementing segregation of duties helps to deter errors and irregularities.

What are some examples of Segregation of Duties?


  • Persons approving manual journal should not post the same journal.
  • Same person should not do bank reconciliation and vendor payments
  • Same person should not make payments to vendors and do reconciliation of bank statements
  • Same person should not do bank reconciliation and approve vendor payments
  • Same person should not deposit cash and do bank reconciliation of bank statements
  • Same person should not purchase an order and approve an order
  • Same person should not maintain credit limits and release credit holds
  • Same person should not enter a journal and approve journal entries
  • Same person should not enter receivables and approve receivables
  • Same person should not do buyer setup and approve requisition
  • Same person should not do buyer setup and approve purchase order
  • Same person should not approve time cards and have custody of paychecks
  • Same person should not do buyer setup and enter vendor invoice
  • Same person should not do buyer setup and approve vendor invoice
  • Same person should not do buyer setup and vendor payment
  • Same person should not create requisition and approve requisition
  • Same person should not create requisition and approve vendor invoice
  • Same person should not do vendor payment – batch initiation and approve vendor payments
  • Same person should not receive funds and approve write-off of receivables
  • Same person who opens the mail should not take cheques to the bank
  • Same person who orders goods from a supplier should not log the goods into the accounting system
  • Same person who receives cheques should not be the same person who records the cheques
  • Same person who can set up a vendor should not be able to process a payment to the vendor
  • The same person who creates an invoice should not enter sales transactions into General Ledger
  • Same person should not be able create a vendor and pay invoices
  • Hiring employees and paying salaries
  • Same person shouldn't record cash received from customers and create credit memos
  • Same person should not open mail and handle cash receipts
  • Same person should not prepare bank deposits and verify cash receipts
  • Same persons shouldn't manage mergers and acquisitions and trading stock

Preventive Segregation of Duties controls allow you to check for SOD violations before new access is assigned to a user. Read about our Segregation of Duties preventive solutions. 

Segregation of Duties

Why do we need Segregation of Duties controls?

Effective segregation of duties (SoD) controls can reduce the risk of internal fraud through early detection of internal process failures in key business systems.

Segregation of duties risk analysis is difficult to achieve without supported software. SafePaaS offers a series of different solutions based on your needs and requirements. Our solutions for Segregation of Duties include: SoD Scanner - a one-time run , Policy Manager, - a fully integrated solution with remediation capabilities, SoD Insight - a quick health check to see where your issues lie. 

What should Segregation of Duties solutions offer?

SoD tools allow you to detect, analyse and manage risks associated with Segregation of Duties conflicts using complex role-based authorisation models.

Segregation of Duties should offer the following capabilities:

Looking for a segregation of duties solution? You can schedule a demo right here or read on to learn more about the importance of SoD, what to look for in a solution and some common examples.  We have processed a staggering 444,607,107 segregation of duties violations on our platform, making it the single most utilized cloud platform for detecting and controlling access risk in enterprise applications. That's a lot of violations!

Complimentary segregation of duties health check

If you're new to automating SoD, we will help you see the benefits of having an automated solution in place by doing a complimentary segregation of duties health check for you. 


The SafePaaS SoD Insight is designed to quickly and reliably help customers identify segregation of duties risk in their environments.

This automated health check makes it easy to isolate and analyse these risks so that clients can build a remediation plan to address areas of concern.

SafePaaS leverages the SafePaaS Enterprise Risk Management platform to provide a deep personalized analysis which is tailored to the needs of the client.

Read more about Segregation of Duties with our popular free resources

Oracle ERP Cloud security

Take a proactive approach to access controls, data security policies and in particular, segregation of duties to restrict privileged access in Oracle ERP Cloud.

Role based Access Management, Oracle E-Business Suite security model, best practices for implementing access policies

The complete guide to understanding Oracle E-Business Suite Security Model. Role-based Access Management for Oracle. 

Access Management Ebook

Protect Your Business and Reputation by Securing ERP Application Access
(Best Practices for Detecting, Remediating and Preventing SoD Risks in ERP)
 

Application Access Governance

CISOs Guide to Enterprise Application Access Governance. Criteria to help select the right IGA platform.