The complexity of enterprise applications has increased the risk of Segregation of Duties (SoD) control violations. In response to control-driven regulations worldwide, all major audit firms are now testing SoD controls and holding executives accountable for successful risk remediation.
Segregation of Duties is a basic internal control that ensures no single individual has the authority to execute two or more conflicting sensitive transactions with the potential to impact financial statements. Critical job duties can be categorised into four types of functions: authorisation, custody, record keeping and reconciliation. In a perfect system, no one person should handle more than one type of function. However, without comprehensive SoD policies and advanced analytics that detect violations across thousands of application access points, SoD control implementation, testing, remediation and mitigation can be extremely difficult to achieve.
Why do you need Segregation of Duties?
Unbelievably, some organisations leave just one person in charge of their main asset: cash. Doing so puts the whole organisation at risk. Unfortunately, companies can't afford to be so trusting with their employees. That's why implementing SoD should be essential in the finance and accounting department of any organisation.
By not implementing segregation of duties you are putting the company at risk. One of the biggest risks is the increased risk of fraud. When one person is given the sole responsibility of two conflicting tasks the risk of fraud increases. Having more than one person carry out these tasks reduces this risk.
For example, the employee who prepares checks should not be the same person who signs those checks. The person who is responsible for creating a vendor shouldn't be the same person who pays that vendor.
Another risk associated with a lack of SoD is human error. If only one person is doing all the financial reporting, errors can occur and be missed. Putting segregation of duties in place can help prevent these errors in the first place.
Segregation of duties along with internal controls can minimise risk.
What are some common examples of Segregation of Duties?
What does SafePaaS recommend for Segregation of Duties Risk Assessment?
SafePaaS SoD SCANNER™ produces test results in just minutes by utilizing the SafePaaS comprehensive risk repository, which includes one of the largest collections of SoD Rules, also used by major audit firms. Simply run the SOD SCANNER against your enterprise applications to detect all violations for the selected rules and identify hidden SoD conflicts. View results using advanced analytics that eliminate false positives and accelerate the remediation process. Accurate control evidence collected by SOD SCANNER can be shared with process owners, application managers, IS Security and auditors.
No software, hardware, installation or configuration is needed for SOD SCANNER. You get immediate access to SoD Rules for your enterprise application. Upload a snapshot for your application security model using DataProbe™, the SafePaaS ERP Snapshot tool, to get the job done without costly software, hardware or technical resources.
Which of the following is not one of the inherent limitations of internal control?
a. Lack of proper segregation of incompatible duties
b. Management override
c. Faulty human judgment
d. Collusion
Physical controls to safeguard assets would include:
a. locks on the warehouse doors
b. safety audits on the production-line
c. segregation of duties
d. hiring only trustworthy cashiers
Monitoring
a. sets the tone of an organization, influencing the control consciousness of its people
b. is a process that assesses the quality of internal control performance over time
c. is the entity's identification and analysis of relevant risks as a basis for their management
d. support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
Which of the following is least likely to be appropriate as the basis for determining the preliminary judgment about materiality in the audit of financial statements?
a. revenues
b. current liabilities
c. losses
d. assets
Questionnaires consist of a series of interrelated questions about internal control policies and procedures. The questions are typically phrased so that a "yes" indicates a control strength and a "No" indicates a potential weakness. An advantage[s] of the questionnaire is [are]
a. flexible to prepare, although difficult for a complex system
b. identify the contingencies considered in the description of a problem and the appropriate actions to be taken in each case
c. provide a visual representation of the system and flexible in construction
d. help identify concerns and prevent the auditor from overlooking important control considerations
PSAs require the auditor to obtain an understanding of the entity's internal structure
a. for every audit
b. for first time audit clients
c. sufficient to find any frauds that may exist
d. whenever the auditor wishes or sees necessary
Risk assessment procedures performed to obtain evidence about the design and implementation of relevant controls include
a. analytical procedures
b. recalculation
c. tracing transactions or walkthrough
d. external confirmation