GRC Controllers




Newsletter | Volume 1

Issue I
Issue II
Issue III
Issue IV
Issue V
Issue VI
Issue VII
Issue VIII
Issue IX
Issue X

click here to

Subscribe to our newsletter



To Unsubscribe click here

Segregation of Duties - Why and How - Synopsis



Properly implemented Segregation of Duties (SoD) could have prevented many Risk and Compliance mistakes including fraud and the non-discovery of a variety of various enticements. Some of the common/improper Segregation of Duties concerns, which can lead to serious incidents, are:

  • Failure to Document Business Purpose
  • Procurement Card Policy Not Followed
  • Supervisors Not Approving Time Worked
  • Failure to Perform Periodic Network Vulnerability Scans
  • Terminated Employees Retain Access to Computer Systems
  • Inadequate Cash Controls
  • Employees Not Given Annual Performance Appraisals
  • Inadequate Review of Transactions before Approval
  • Unlicensed Software Is Installed On Department Computers
  • Regular Inventory of Capital Assets Is Not Taken
  • Proper Bidding Procedures Are Not Followed
  • Sharing of NetID's and Passwords
  • Lack of Supervisor Review of Travel
  • Lack of Certification and Documented Review of Accrued Leave Balances
  • Failure to Document Business Purpose

Segregation of Duties is a key internal business control concept. It consists of a split of the business processes or tasks between several individuals so that no single person has full control over a specific process or tasks.

The concept of segregating duties reduces risk of fraud and errors in information in your business. It is one of the top important measures in several internal controls frameworks such as COSO Enterprise Risk Management Integrated Framework and Cobit Framework for IT.

In recent years, an ever increasing focus on internal controls and compliance with new and more rigid rules and legislation is a reality in relation to financial reporting. The US Sarbanes-Oxley Act and the EU Directives 4, 7, 8 and related national legislation are examples. Often auditors report weaknesses in Segregation of Duties, and often these control weaknesses are categorized as material.

Segregation of Duties is relevant in businesses of all sizes. Although Segregation of Duties in general is most often found in the financial sector and in large companies, fraudulent activities can be reduced/eliminated in even the smallest businesses by proper application of Segregation of Duties.

So it's worthwhile to take a closer look on how Segregation of Duties is doing in your business!
During the Copenhagen Compliance Conference we will focus on the why - but more on how to practically approach good implementation of Segregation of Duties in your company. It introduces an easy-to-understand framework of establishing and executing the project, and it includes a number of suggested tools and templates that can be used as starting points and discusses the processes necessary to sustain a good level of Segregation of Duties.