Segregation of Duties Helps Sustain a Strong Internal Control Environment

Segregation of duties (SOD) within a company’s IT-dependent back-office functions is critical for limiting errors and fraud risk. An established SOD framework doesn’t allow one person to perform all responsibilities for a transaction type, and it doesn’t allow one person responsibility for conflicting or incompatible duties. There is a system of checks and balances so that another person can provide oversight, catch an error or identify improper action.

General activities that should be segregated are:

• Initiation of transactions
• Custody of assets
• Authorization or approval of transactions
• Documentation of those transactions
• Periodic review and reconciliation of transactions

For more information on the benefits of SOD analysis, developing an application access based SOD matrix and an example of one company that did not have established SOD, read this article by Brian J. Thomas, IT advisory partner, and Reema Parappilly, IT advisory senior manager.