What are some common examples of Segregation of Duties? - SafePaaS

What are some common examples of Segregation of Duties?

What are some common examples of Segregation of Duties?

Segregation of Duties is an essential internal control in any organisation designed to prevent fraud and error. It’s an elementary component of any internal control system. This internal control ensures that more than one person is required to complete the various tasks required to complete a business process.

In other words, no one person should be responsible for any single task. For example, one person can place an order but another must record the transaction of this order. We can say that Segregation of Duties controls implement an appropriate level of checks and balances upon the activities of individuals.

In an ideal situation, more than one person should manage a function. An employee with multiple functional roles within an organisation can abuse the power they are given hence the need for SOD controls. No organisation should underestimate the importance of SOD.

It’s an important control in order to achieve an effective risk management strategy. Implementing segregation of duties helps to deter errors and irregularities.

Why do we need Segregation of Duties controls?

Effective segregation of duties (SOD) controls can reduce the risk of internal fraud through early detection of internal process failures in key business systems.

Segregation of duties risk analysis is difficult to achieve without supported software.

Read about SafePaaS’ Solution for Segregation of Duties: SoD Scanner

What do SoD controls do?

SoD tools allow you to detect, analyse and manage risks associated with Segregation of Duties conflicts using complex role-based authorisation models.

Segregation of Duties offer the following capabilities:

  • SoD Risk Analysis
  • Access Certification
  • Role Management
  • Transaction Monitoring
  • Emergency Access Management
  • Compliant User Provisioning

What are some examples of Segregation of Duties?

  • Persons approving manual journal should not post the same journal.
    Same person should not do bank reconciliation and vendor payments
  • Same person should not make payments to vendors and do reconciliation of bank statements
  • Same person should not do bank reconciliation and approve vendor payments
  • Same person should not deposit cash and do bank reconciliation of bank statements
  • Same person should not purchase an order and approve an order
  • Same person should not maintain credit limits and release credit holds
  • Same person should not enter a journal and approve journal entries
  • Same person should not enter receivables and approve receivables
  • Same person should not do buyer setup and approve requisition
  • Same person should not do buyer setup and approve purchase order
  • Same person should not approve time cards and have custody of paychecks
  • Same person should not do buyer setup and enter vendor invoice
  • Same person should not do buyer setup and approve vendor invoice
  • Same person should not do buyer setup and vendor payment
  • Same person should not create requisition and approve requisition
  • Same person should not create requisition and approve vendor invoice
  • Same person should not do vendor payment – batch initiation and approve vendor payments
  • Same person should not receive funds and approve write-off of receivables
Read our Access Management ebook