Which functions should be separated to achieve effective segregation of accounting duties?

Segregation of Duties is an internal control that prevents a single person from completing two or more tasks in a business process. Organizations require Segregation of Duties controls to separate duties among more than one individual to complete tasks in a business process to mitigate the risk of fraud, waste and error.

Actual job titles and organizational structure may vary greatly from one organization to another, depending on the size and nature of the business. Therefore, it’s important for management to analyse the skillset and capabilities of the individuals involved based on the likelihood and impact of risk to business processes. Critical job duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no one person should handle more than one type of function.

You can apply the following options to segregate job duties:

  • Sequential separation (two signatures principle)
  • Individual separation (four eyes principle)
  • Spatial separation (separate action in separate locations)
  • Factorial separation (several factors contribute to completion)

Many companies struggle to implement effective Segregation of Duties controls in their ERP systems, such as Oracle E-Business Suite, SAP and Oracle ERP Cloud, even though the concept of SoD is as simple as described above. (To understand the extent of the problem, we have processed a staggering 444,607,107 segregation of duties violations on our platform.) This is mainly due to the complexity and variety of the applications that automate key business processes, and because ownership and accountability for controlling those processes require a complete analysis of the thousands of functions available across the roles and responsibilities assigned to users. For example, assessing SoD risk in the Accounts Payable application, where a user assigned the Payables Manager role has access to create a supplier and approve payment, requires a complete analysis of all functions that constitute the entitlements granted through the role, while excluding any false positives that may occur as a result of overriding attributes, profiles, page-level configurations or customizations that prevent such access.

The Segregation of Duties Matrix lists potential conflicts to determine what risk may be realized should a user have access or authorizations to a combination of entitlements. For example, what is the likelihood that a user can create a fictitious supplier and make a payment to that supplier? The risk likelihood and impact vary based on industry, business model and even individual business unit. It is not uncommon for a large global company to have more than one matrix due to differences in the business processes by location or business unit. For example, a company may have a manufacturing business unit with a large amount of inventory, requiring a Segregation of Duties matrix that focuses on specific inventory transactions. It may also have a service-based business unit necessitating a focus on project accounting, requiring a different SoD matrix. Though knowledge of similar businesses and industries can help to establish the conflict matrix, each business unit must perform a customized analysis of its conflicting transactions to capture the real risk for that particular business model.
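The analysis described above (expand each user's roles into functions, drop access that a configuration blocks, then test the remaining pairs against the conflict matrix) can be sketched as follows. This is an added example, not code from the page or from any vendor product; every role, function, user and rule name in it is constructed for illustration.

```python
# Added illustration: all role, function and user names are constructed.
from itertools import combinations

# Role -> functions (entitlements) granted through the role.
ROLE_FUNCTIONS = {
    "Payables Manager": {"create_supplier", "approve_payment", "view_invoice"},
    "Payables Clerk": {"enter_invoice", "view_invoice"},
    "Treasury Approver": {"approve_payment"},
}

# SoD matrix: unordered pair of conflicting functions -> risk realized.
SOD_MATRIX = {
    frozenset({"create_supplier", "approve_payment"}):
        "Create a fictitious supplier and pay it",
    frozenset({"enter_invoice", "approve_payment"}):
        "Enter and approve own invoice",
}

# User -> assigned roles.
USER_ROLES = {
    "alice": ["Payables Manager"],
    "bob": ["Payables Clerk"],
    "carol": ["Payables Manager"],
    "dave": ["Payables Clerk", "Treasury Approver"],
}

# (user, role, function) grants that a profile, page-level configuration or
# customization prevents in practice; counting them yields false positives.
BLOCKED = {("carol", "Payables Manager", "approve_payment")}


def effective_functions(user):
    """Map each function the user can actually execute to the granting roles."""
    granted = {}
    for role in USER_ROLES.get(user, []):
        for fn in ROLE_FUNCTIONS.get(role, set()):
            if (user, role, fn) not in BLOCKED:
                granted.setdefault(fn, set()).add(role)
    return granted


def sod_violations(user):
    """Return (function_a, function_b, risk) for each conflicting pair held."""
    granted = effective_functions(user)
    return [(a, b, SOD_MATRIX[frozenset({a, b})])
            for a, b in combinations(sorted(granted), 2)
            if frozenset({a, b}) in SOD_MATRIX]
```

Note that `dave` holds no single conflicting role; the conflict only appears once the functions from both of his roles are combined, which is why the check runs on functions rather than on role names.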

Common Examples

What are some of the most common examples of Segregation of Duties?

Segregation of Duties controls are a significant component of the control environment of any organization that operates its business on an ERP platform.

Options

Are you looking for a segregation of duties solution but are not sure what to look for?

SoD Insight

Our SoD Insight is ideal if your organization is new to segregation of duties. It quickly and reliably helps you identify segregation of duties risk in your environments so that you can take action if need be. 

SoD Scanner

This is our low-cost option, which utilizes the same software as our core application. SoD Scanner is designed for smaller organizations that have limited SoD requirements.

Policy Manager™

Policy Manager™ is designed for organizations with complex segregation of duties requirements. With built-in remediation, it allows you to proactively mitigate risk.

Segregation of Duties

Segregation of duties is a basic, key internal control and one of the most difficult to achieve. It is used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. Segregation of duties provides two benefits: first, a deliberate fraud is more difficult because it requires collusion of two or more persons, and second, it is much more likely that innocent errors will be found. At the most basic level, it means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.

If a single person can carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have generally been assigned or allowed access to incompatible duties or responsibilities. Some examples of incompatible duties are:

  • Authorizing a transaction, receiving and maintaining custody of the asset that resulted from the transaction.
  • Receiving checks (payment on account) and approving write-offs.
  • Depositing cash and reconciling bank statements.
  • Approving time cards and having custody of pay checks.
  • Having unlimited access to assets, accounting records and computer terminals and programs. For instance, having access to and using checks as the source documents to post to accounting records rather than using a check log or receipts.

There are four general categories of duties or responsibilities which are examined when segregation of duties is discussed: authorization, custody, record keeping and reconciliation. In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties, especially when dealing with cash, negotiable checks and inventories.

In those instances where duties cannot be fully segregated, mitigating or compensating controls must be established. Mitigating or compensating controls are additional procedures designed to reduce the risk of errors or irregularities. For instance, if the record keeper also performs a reconciliation process, a detailed review of the reconciliation could be performed and documented by a supervisor to provide additional control over the assignment of incompatible functions. Segregation of duties is more difficult to achieve in a centralized, computerized environment. Compensating controls in that arena include passwords, inquiry-only access, logs, dual authorization requirements, and documented reviews of input/output.

Some special aspects of segregation of duties apply to IT functions themselves. There should be segregation between systems development and operations, operations and data control, and database administration and system development.

What duties should be segregated in accounting?

Generally, the primary incompatible duties that need to be segregated are:

  • Authorization or approval
  • Custody of assets
  • Recording transactions
  • Reconciliation/Control Activity

What is segregation of duties? Give an example of functions that should be separated.

The separation of duties concept prohibits the assignment of responsibility to one person for the acquisition of assets, their custody, and the related record keeping. For example, one person can place an order to buy an asset, but a different person must record the transaction in the accounting records.

What is segregation of duties, and what functions should be performed by different people?

Segregation of duties is based on the idea of shared responsibilities, wherein the critical functions of a key process are dispersed to more than one person or department to mitigate the risk of fraud or other unethical behaviors.

Which of the following is an example of segregation of duties?

Examples of segregation of duties: The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports.