E-MailHierarchical Segregation of Duties
Because of the process controls requirements mandated by Section 404 of the US Sarbanes-Oxley Act (SOX), segregation of duties (SOD) has received increased scrutiny. According to Anne Burt at the University of Florida, SOD should include the assurance that no individual has the physical and system access to control all phases of a business process or transaction, from authorization to custody to record keeping [1]. When conflicts exist in SOD, organizations can be exposed to significant risks. Auditors look for conflicts in SOD in which one individual has access to responsibilities that are inherently in conflict with one another, such as purchasing and accounts payable, purchasing and receiving, general ledger and supply management, and so forth. Conflicts can arise from innocent and unintentional errors or from intentional and criminal fraud. Burt warns that whatever the reason for conflicts, an organization can be held liable for inadequate and inauditable process controls.
Cutter Consortium clients, please log in:
If you would like further information about how to become a client, please contact us at +1 781 648 8700 or sales@cutter.com.
