Can automated segregation of duties benefit regulatory compliance? – TechTarget


Segregation of duties is designed to prevent error and fraud, and under mandates such as the Sarbanes-Oxley Act it has even become a regulatory compliance requirement for some organizations. But the large amount of data produced by organizations, coupled with rapid transactions, has made manual segregation of duties susceptible to human error and impractical for some businesses.
The complications have led an increasing number of organizations to automate segregation of duties. In this feature, Michael Rasmussen, chief pundit at GRC 20/20 Research LLC in Waterford, Wisconsin, discusses how automating segregation of duties can ultimately drive down regulatory compliance costs, as well as reduce the likelihood of fraudulent activity and lawsuits.
What are some of the compliance challenges created by Segregation of Duties (SoD) in regard to business applications?
Michael Rasmussen: The compliance challenges come from several angles. The largest driver is Internal Controls Over Financial Reporting (ICFR) and, in that context, Sarbanes-Oxley (SOX) compliance. It is simply a matter of control to ensure we do not have the fox guarding the hen house. For example, can a person who enters an invoice also pay an invoice? If this is allowed to happen, then there is a control issue. You have an individual with a lot of access to systems who could use this to commit fraud or just make mistakes.
In the ideal world, we prevent these issues by making sure that individuals have proper segregation in their responsibilities and duties so that we have checks and balances. However, we do not live in an ideal world and, at times, we have legitimate reasons to have consolidated duties given to an individual. In the first case, we want to prevent these rights being given. In the latter case, we at least want to monitor these rights and what is done with them.
Today’s environment is complex. There are lots of employees with different types of access to different systems — ERP and more. Managing SoD manually becomes an impossible task. You end up with random sampling. Using technology to automate the enforcement/prevention of SoD conflicts — or monitoring where they do occur for a legitimate business reason — moves us from random sampling with high manual labor costs to thorough monitoring that is streamlined and efficient.
How can these SoD issues ultimately hurt a company’s bottom line and/or lead to lawsuits if not handled properly?
Rasmussen: Fraud and mistakes. People can use them to commit fraud, which might start small and grow over time. People can also simply make mistakes, and having proper segregation of rights and access allows for this to be mitigated. Not paying attention to this issue can raise audit findings with internal and external auditors, as well as compliance issues. If there is rampant fraud happening and [it] impacts [the] bottom line, certainly it opens you up to lawsuits.
What are some segregation of duty best practices that can help overcome these challenges?
Rasmussen: Here are some best practices: First, define your roles and rights. Know how your business systems and transactions work and where there are SoD risk areas. Second, prevent SoD issues. Use technology to go through and find SoD issues and remediate them. Third, monitor SoD areas that are there for business purposes. Monitor SoD areas in which you have a business reason for consolidation of rights into a role where these rights may conflict.
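The three practices just listed, together with the invoice-entry/invoice-payment conflict Rasmussen uses earlier in the interview, map onto three controls: a full scan of effective rights instead of random sampling, a preventive check at the moment a role is granted, and a monitoring check over transactions for conflicts that were allowed for a business reason. The following Python is an added example and not code from the article or from GRC 20/20; the roles, users, the second SoD rule, the approved exception and the transaction log are all constructed for illustration.

```python
"""Automated segregation-of-duties (SoD) checks over a simple role model.

Added example; not code from the TechTarget article or from GRC 20/20.
Every role, user, permission, rule, exception and log line below is
constructed sample data.
"""
from collections import defaultdict

# Step 1: define roles and rights. Role -> permissions (constructed).
ROLES = {
    "ap_clerk": {"invoice.enter"},
    "ap_manager": {"invoice.approve", "payment.release"},
    "vendor_admin": {"vendor.create"},
    "auditor": {"ledger.read"},
}

# User -> assigned roles (constructed).
USER_ROLES = {
    "alice": ["ap_clerk"],
    "bob": ["ap_clerk", "ap_manager"],        # can enter AND pay invoices
    "carol": ["vendor_admin", "ap_manager"],  # can create vendors AND pay them
    "dave": ["auditor"],
}

# SoD rules: (rule_id, permission_a, permission_b, description).
# SOD-001 is the invoice-entry/payment conflict named in the interview;
# SOD-002 is an assumed, similarly structured rule.
SOD_RULES = [
    ("SOD-001", "invoice.enter", "payment.release", "enter invoice and pay invoice"),
    ("SOD-002", "vendor.create", "payment.release", "create vendor and pay vendor"),
]

# Step 3 prerequisite: documented business exceptions, (user, rule_id) -> reason.
# A conflict covered here is allowed but monitored instead of prevented.
APPROVED_EXCEPTIONS = {
    ("carol", "SOD-002"): "sole finance employee at branch office; reviewed quarterly",
}


def effective_permissions(user):
    """Union of permissions across all of the user's roles."""
    perms = set()
    for role in USER_ROLES.get(user, []):
        perms |= ROLES.get(role, set())
    return perms


def conflicts_for(user, perms):
    """SoD rules violated by a permission set, as (rule_id, action) pairs.

    action is "monitor" when an approved exception exists, else "prevent".
    """
    found = []
    for rule_id, perm_a, perm_b, _desc in SOD_RULES:
        if perm_a in perms and perm_b in perms:
            action = "monitor" if (user, rule_id) in APPROVED_EXCEPTIONS else "prevent"
            found.append((rule_id, action))
    return found


def scan_all_users():
    """Step 2, detective form: review every user's effective rights (no sampling)."""
    report = {}
    for user in USER_ROLES:
        found = conflicts_for(user, effective_permissions(user))
        if found:
            report[user] = found
    return report


def grant_would_conflict(user, new_role):
    """Step 2, preventive form: rule IDs a new role grant would violate
    without an approved exception. Call this before the grant is applied."""
    perms = effective_permissions(user) | ROLES.get(new_role, set())
    return [rule for rule, action in conflicts_for(user, perms) if action == "prevent"]


# Constructed transaction log: (user, action, invoice_id).
TRANSACTIONS = [
    ("alice", "invoice.enter", "INV-100"),
    ("bob", "invoice.enter", "INV-101"),
    ("carol", "payment.release", "INV-100"),
    ("bob", "payment.release", "INV-101"),
    ("carol", "payment.release", "INV-102"),
]


def self_approved_invoices(transactions):
    """Step 3, monitoring: invoices entered and paid by the same person."""
    actors = defaultdict(dict)          # invoice_id -> {action: user}
    for user, action, invoice in transactions:
        actors[invoice][action] = user
    return sorted(
        inv for inv, acts in actors.items()
        if acts.get("invoice.enter") is not None
        and acts.get("invoice.enter") == acts.get("payment.release")
    )


if __name__ == "__main__":
    print("rights review:", scan_all_users())
    print("grant ap_manager to alice blocked by:", grant_would_conflict("alice", "ap_manager"))
    print("self-approved invoices:", self_approved_invoices(TRANSACTIONS))
```

In practice the role and exception data would be pulled from the ERP or identity system rather than typed in, and the monitoring query would run over the application's audit log; the structure stays the same. The split between a `prevent` and a `monitor` outcome is what lets the same rule set serve both the preventive control and the monitored business exception the interview describes.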
Let us know what you think about the story; email Ben Cole, site editor. For more regulatory compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
All Rights Reserved, Copyright 2009 – 2022, TechTarget