SOD divides responsibility among different individuals, which can prevent potential fraud in an organization. SOD improves system security or, put another way, data security. On the other hand, it increases the organization's costs.
For a small organization it is not always possible to implement SOD completely, but it should still follow the organization's security policies. However, the level of security is very low.
- The concept of Segregation of Duty
  - The SOD in Role/User Administration
  - Principle of Dual Control
  - Principle of Triplet Control
- Principle of dual control
  - User Administration
  - Authorization maintenance and generation
- Principle of treble control
  - User Administration
  - Authorization maintenance
  - Authorization generation
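One way to check an administrator assignment against the dual and treble control models outlined above, as an added example that is not part of the original page. The duty identifiers, administrator names and assignments are constructed for illustration.

```python
# Added example: duty names follow the outline; people and assignments are constructed.
USER_ADMIN = "user_administration"
AUTH_MAINT = "authorization_maintenance"
AUTH_GEN = "authorization_generation"
ALL_DUTIES = {USER_ADMIN, AUTH_MAINT, AUTH_GEN}

# Each model splits the duties into groups that must be held by different people.
MODELS = {
    "dual": [{USER_ADMIN}, {AUTH_MAINT, AUTH_GEN}],
    "treble": [{USER_ADMIN}, {AUTH_MAINT}, {AUTH_GEN}],
}


def sod_violations(assignments, model):
    """Return {person: conflicting duties} for anyone holding duties from
    more than one group of the chosen model."""
    groups = MODELS[model]
    violations = {}
    for person, duties in assignments.items():
        duties = set(duties)
        unknown = duties - ALL_DUTIES
        if unknown:
            raise ValueError(f"{person}: unknown duties {sorted(unknown)}")
        # Groups of the model in which this person holds at least one duty.
        touched = [group & duties for group in groups if group & duties]
        if len(touched) > 1:
            violations[person] = sorted(set().union(*touched))
    return violations


# Constructed sample data: three administrators in a mid-sized organization,
# and a small organization where one person does everything.
ASSIGNMENTS = {
    "alice": {USER_ADMIN},
    "bob": {AUTH_MAINT, AUTH_GEN},
    "carol": {USER_ADMIN, AUTH_GEN},
}
SMALL_ORG = {"dave": {USER_ADMIN, AUTH_MAINT, AUTH_GEN}}

if __name__ == "__main__":
    for model in ("dual", "treble"):
        print(model, sod_violations(ASSIGNMENTS, model))
    print("small org, dual:", sod_violations(SMALL_ORG, "dual"))
```

Bob passes under dual control because maintenance and generation form one duty there, but is flagged under treble control, where they are separated.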
- SOD is a primary internal control to prevent risk, identify problems and take corrective action.
- Achieved by ensuring that no single individual has control over all phases of a business transaction.
- Covers 4 general categories of duties:
◦ Authorization
◦ Custody
◦ Record Keeping