The complexity of enterprise applications has increased the risk of Segregation of Duties (SoD) control violations. In response to control-driven regulations worldwide, all major audit firms now test SoD controls and hold executives accountable for successful risk remediation.
Segregation of Duties is a basic internal control that ensures no single individual has the authority to execute two or more conflicting sensitive transactions with the potential to impact financial statements. Critical job duties can be categorised into four types of functions: authorisation, custody, record keeping and reconciliation. In a perfect system, no one person should handle more than one type of function. However, without comprehensive SoD policies and advanced analytics that detect violations across thousands of application access points, SoD control implementation, testing, remediation and mitigation can be extremely difficult to achieve.
Why do you need Segregation of Duties?
Unbelievably, some organisations leave just one person in charge of their main asset, cash. By doing this the whole organisation is put at risk. Unfortunately, companies can’t afford to be so trusting with their employees. That’s why implementing SoD should be essential in the finance and accounting department of any organisation.
By not implementing segregation of duties you are putting the company at risk. One of the biggest risks is fraud. When one person is given sole responsibility for two conflicting tasks, the risk of fraud increases. Having more than one person carry out these tasks reduces this risk.
For example, the employee who prepares checks should not be the same person who signs that check. The person who is responsible for creating a vendor shouldn’t be the same person who pays that vendor.
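The conflicts above are the kind of pairs an SoD rule set encodes, and detecting them means resolving each user's effective functions through their roles and testing every rule against that set. The following added example is not SafePaaS code; the rule IDs, role names, users and role-to-function mapping are all constructed for illustration, standing in for a real rule repository and an ERP security snapshot. It shows both a detective check (who is already in violation, and through which roles) and a preventive check (would granting this role create a conflict).

```python
"""SoD conflict detection over a constructed user-entitlement snapshot.

Added example, not SafePaaS code. The rules, roles and users below are
constructed stand-ins for a real SoD rule repository and ERP snapshot.
"""

# Constructed SoD rule set: each rule names two functions one person must not hold.
SOD_RULES = {
    "R1": ("Prepare Check", "Sign Check"),
    "R2": ("Create Vendor", "Pay Vendor"),
    "R3": ("Record Journal Entry", "Approve Journal Entry"),
}

# Constructed role -> functions map (what each application role lets a user do).
ROLE_FUNCTIONS = {
    "AP_CLERK": {"Create Vendor", "Prepare Check"},
    "AP_MANAGER": {"Pay Vendor", "Sign Check"},
    "GL_ACCOUNTANT": {"Record Journal Entry"},
    "CONTROLLER": {"Approve Journal Entry"},
}

# Constructed user -> roles snapshot (the "security model" a scan would read).
USER_ROLES = {
    "alice": {"AP_CLERK"},
    "bob": {"AP_CLERK", "AP_MANAGER"},
    "carol": {"GL_ACCOUNTANT", "CONTROLLER"},
    "dave": {"AP_MANAGER"},
}


def effective_functions(user, user_roles=USER_ROLES, role_functions=ROLE_FUNCTIONS):
    """Union of every function reachable through the user's assigned roles."""
    funcs = set()
    for role in user_roles.get(user, ()):
        funcs |= role_functions.get(role, set())
    return funcs


def find_violations(user_roles=USER_ROLES, role_functions=ROLE_FUNCTIONS, rules=SOD_RULES):
    """Detective check: map each violating user to (rule_id, func_a, func_b, via_roles).

    via_roles lists the roles that contribute either side of the conflict, which
    is what a process owner needs in order to remediate (remove one of them).
    """
    violations = {}
    for user in sorted(user_roles):
        funcs = effective_functions(user, user_roles, role_functions)
        for rule_id, (a, b) in rules.items():
            if a in funcs and b in funcs:
                via = sorted(r for r in user_roles[user]
                             if role_functions.get(r, set()) & {a, b})
                violations.setdefault(user, []).append((rule_id, a, b, via))
    return violations


def would_violate(user, new_role, user_roles=USER_ROLES,
                  role_functions=ROLE_FUNCTIONS, rules=SOD_RULES):
    """Preventive check: rule IDs that would be violated if new_role were granted."""
    funcs = effective_functions(user, user_roles, role_functions)
    funcs |= role_functions.get(new_role, set())
    return [rid for rid, (a, b) in rules.items() if a in funcs and b in funcs]


if __name__ == "__main__":
    for user, findings in find_violations().items():
        for rule_id, a, b, via in findings:
            print(f"{user}: {rule_id} ({a} + {b}) via roles {', '.join(via)}")
    print("alice + AP_MANAGER ->", would_violate("alice", "AP_MANAGER"))
```

Running the block reports bob for both the check-handling and vendor rules (through AP_CLERK plus AP_MANAGER) and carol for the journal-entry rule, while alice and dave are clean; the preventive check shows that giving alice the AP_MANAGER role would recreate bob's situation. In a real deployment the rule set and the snapshot are loaded from the rule repository and the ERP export rather than hard-coded, but the resolution and matching logic is the same.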
Another risk associated with a lack of SoD is human error. If only one person does all the financial reporting, errors can occur and be missed. Having segregation of duties in place can help prevent these errors in the first place.
Segregation of duties, along with internal controls, can minimise risk.
What are some common examples of Segregation of Duties?
What does SafePaaS recommend for Segregation of Duties Risk Assessment?
SafePaaS SoD SCANNER™ produces test results in just minutes by utilizing the SafePaaS comprehensive risk repository, which includes one of the largest collections of SoD Rules, also used by major audit firms. Simply run the SoD SCANNER against your enterprise applications to detect all violations for the selected rules and identify hidden SoD conflicts. View results using advanced analytics that eliminate false positives and accelerate the remediation process. Accurate control evidence collected by the SoD SCANNER can be shared with process owners, application managers, IS Security and auditors.
No software, hardware, installation or configuration is needed for the SoD SCANNER. You get immediate access to SoD Rules for your enterprise application. Upload a snapshot of your application security model using DataProbe™, the SafePaaS ERP Snapshot tool, to get the job done without costly software, hardware or technical resources.