Tuesday, July 3, 2012

Segregation of duties


In today's business environment, establishing adequate segregation of duties has become one of the cornerstones of an effective internal control model, as it is essential to reduce the risk of errors and fraud. An adequate security scheme in information systems is not sufficient to mitigate the risk of fraud within the organization if functions are not properly segregated. In recent years, developers have been required to provide security and to manage user profiles and responsibilities; however, fraud is still committed by taking advantage of vulnerabilities in information systems. This is largely due to inadequate segregation of duties.


Managing with intelligence

Segregation of duties is designed to prevent an individual from having control over two or more phases of a transaction or operation, so that the responsibilities for authorizing transactions, recording transactions and maintaining custody of assets (e.g. treasury, stocks, fixed assets, etc.) are assigned to different people, thus reducing the opportunities for a person to be in a position to commit and conceal errors or fraud in the normal course of their duties. As a rule, and it is our recommendation, the following functions should be separated among employees:

- Approval

- Registration and reconciliation

- Asset management and custody

A detailed monitoring review of the related activities is essential and serves as a very effective additional control, especially when these functions cannot be separated, as in very small organizations or departments.

How to deal with an incompatibility of functions

We suggest the following steps to implement an effective strategy of segregation of duties:

Risk identification.

At this stage, the transactions in the organization's processes that are sensitive and susceptible to fraud must be identified. In each case, it is important to note the risks involved if one person has access to these transactions.

Identification of applications.

At this stage, the applications or modules in which each sensitive transaction is performed are identified.

Identification of conflicts.

The objective of this stage is to use the information from the two previous steps to identify users with segregation of duties conflicts, according to their activities and their access to information systems. From the point of view of information systems, it is important that they offer access levels that allow each user access only to those operations, parameters and activities that are consistent with their role in the organization.

Remediation and mitigation.

At this stage, the changes necessary to reduce the risk of sensitive transactions are proposed and implemented.

Monitoring.

Once segregation of duties has been implemented, internal and external audits should be performed to ensure that these definitions persist over time, and also to identify new conflicts and risks, because organizations are dynamic.
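The conflict-identification step above can be automated as an access review, shown here as an added example that is not part of the original post. All application names, transactions, users and the mitigation register are constructed sample data; the three duties are the ones the article says to separate.

```python
from itertools import combinations

# Steps 1-2 (constructed sample): each sensitive (application, transaction)
# entitlement is tagged with the duty it represents.
DUTY_OF = {
    ("AP", "approve_payment"): "approval",
    ("AP", "post_invoice"): "recording",
    ("GL", "reconcile_bank"): "recording",
    ("TREASURY", "release_funds"): "custody",
    ("INVENTORY", "issue_stock"): "custody",
}

# Any two of the three duties held by one person is a conflict.
INCOMPATIBLE = {frozenset(p)
                for p in combinations(("approval", "recording", "custody"), 2)}

# Constructed sample of current user access (hypothetical users).
USER_ACCESS = {
    "alice": [("AP", "approve_payment"), ("AP", "post_invoice")],
    "bob": [("GL", "reconcile_bank")],
    "carol": [("TREASURY", "release_funds"), ("AP", "approve_payment"),
              ("HR", "view_directory")],
    "dave": [("INVENTORY", "issue_stock"), ("TREASURY", "release_funds")],
}

# Step 4: conflicts accepted with a compensating control (detailed review),
# e.g. in a very small department. Hypothetical register.
MITIGATED = {("carol", frozenset({"approval", "custody"}))}


def find_conflicts(user_access, duty_of=DUTY_OF,
                   incompatible=INCOMPATIBLE, mitigated=MITIGATED):
    """Step 3: return (user, duty_a, duty_b, entitlements, status) findings."""
    findings = []
    for user, entitlements in sorted(user_access.items()):
        by_duty = {}
        for ent in entitlements:
            duty = duty_of.get(ent)  # non-sensitive access is ignored
            if duty:
                by_duty.setdefault(duty, []).append(ent)
        for a, b in combinations(sorted(by_duty), 2):
            pair = frozenset((a, b))
            if pair in incompatible:
                status = "mitigated" if (user, pair) in mitigated else "open"
                findings.append((user, a, b, by_duty[a] + by_duty[b], status))
    return findings


if __name__ == "__main__":
    for finding in find_conflicts(USER_ACCESS):
        print(finding)
```

Re-running the same check after every access change covers the monitoring step: a grant that gives an existing user a second duty shows up as a new open finding.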



If you want to discuss the issues raised in this document in more depth, without charge, or obtain a copy of it, visit www.jbp.co
