Segregation of Duties Review

Segregation of Duties (SoD) is a key underlying principle of internal controls, and is the concept of having more than one person required to complete a task. By ensuring that no single person can perform a task end-to-end you reduce the associated risk of fraud and error. This can be achieved by disseminating tasks and the associated privileges for a business process among multiple users. However, this reduced risk must of course be balanced with the increased cost and/or effort required to implement the segregation itself.

It is unrealistic to expect all organisations to have the required number of staff, or structure in place, to segregate all business critical tasks which contain a Segregation of Duties risk. Where these Segregation of Duties “conflicts” exist mitigating contols must be applied. These internal controls intend to reduce the risk of an existing Segregation of Duties control weakness.

Mitigating controls need to be managed and maintained within an organisation’s internal control framework to ensure they can continue to be relied upon for Segregation of Duties risk mitigation purposes.

The Turnkey Consulting Solution

At Turnkey Consulting we understand that Segregation of Duties is a common problem for companies of all shape and size, and that the recommended approach for managing the associated risks undoubtedly varies from one organisation to another. Using our experienced consultants we will:

• Extract authorisations-related data from your SAP system for offline analysis and, using a specialist tool, identify existing Segregation of Duties conflicts
• Review Segregation of Duties at both the user and role level
• Ensure mitigating controls are in place where Segregation of Duties conflicts have been identified
• Understand the process in place to manage, maintain and assign mitigating controls and ensure they continue to be operating effective
• Understand the integration of Segregation of Duties procedures into your SAP IT General Controls environment.
• Recommend appropriate mitigating controls to manage risks where Segregation of Duties are not achievable due to organisational constraints

Our service does not stop at merely identifying problems; we also provide tailored recommendations which are both effective and pragmatic in reducing Segregation of Duties risks to the level acceptable for your business. Using our extensive audit, controls and implementation experience, our consultants provide a deeper level of insight from their thorough understanding of a well controlled environment.

A managed service for GRC can give you a strong platform from which to solve these challenges and close your capability gap quickly, without a large upfront investment.