This sample explains the concept of segregation of duties (SOD), including its types, importance, risks, and the role of internal audit/management/external audit. It also includes a sample segregation of duties maturity model that can be customized to your organization.
The basic idea underlying SOD is that no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated are: custody of assets, authorization or approval of related transactions affecting those assets, and recording or reporting of related transactions. Types of segregation of duties in this sample include system-designed and operationally designed.
Traditional systems of internal control rely on assigning certain responsibilities to different individuals or segregating incompatible functions. The general premise of SOD is to prevent one person from having both access to assets and responsibility for maintaining the accountability of those assets. SOD’s do not prevent collusion.