To prevent errors, implement segregation of duties
Required by Sarbanes Oxley, segregation of duties (SOD) is a proven management technique that organizations of all sizes can benefit from. By assigning responsibilities to ensure crosschecking, an organization can prevent innocent errors and deliberate fraud.
As a key internal control, however, segregation of duties has become more complicated and time consuming to implement with today’s increasing reliance on information technology (IT) and operations expanding globally.
Segregation of duties also has expanded from financial functions to IT functions. In the financial area there is a need to segregate authorization, custody, record keeping, and reconciliation. In IT, segregation of duties addresses the need to segregate system development and operations, operations and data control, and database administration and system development. And when these functions can’t be fully segregated, compensating controls have to be established.
Segregation of duties ensures that each person’s work acts as a complementary check against another’s. No one person should be responsible for an entire transaction or operation.
You can depend on us to help with the segregation of duties
Who can help you segregate duties? You can rely on our Enterprise Risk Services (ERS) team. It is comprised of knowledgeable, experienced internal audit professionals. Many hold advanced accounting and finance degrees. Their certifications include Certified Internal Auditor (CIA), Certified Internal Controls Auditor (CICA), Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), Certified Information Technology Professional (CITP), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP).
After assembling a team that meets your specific needs, we will perform a thorough, comprehensive review of all activities performed in conjunction with your control framework. We will begin by understanding your control structure and learning your system access and your business. We will gather information by interviewing your managers and accessing listings, and we will test by using our proprietary segregation of duties tool.
We will analyze your information and develop a report that highlights areas where individuals have control over two or more phases of a transaction or operation. As part of the report, we will suggest ways to adjust these processes to end conflicts and/or develop alternate controls when a segregation of duties cannot be fully achieved.
Segregation of duties is a basic, key internal control. And it is one of the most difficult to achieve. For help, call in the Plante Moran Enterprise Risk Services team. You will appreciate their expertise and their experience.