Question

Give 1 example of each :

SoD issue with respect to logical access

SoD  issue with respect to change management

Answer 1

SOD : Separation of Duties

Separation of duties (SoD; also known as Segregation of Duties) is the concept of having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error.

1. SOD issue with respect to logical access

Effective internal controls are a key element in protecting the integrity of operational and financial data. Making sure that proper access rights are given to users or that accounts of employees that left the company are locked on time, are just small examples of the IT controls that should be operating in your organization.

Logical access controls are those controls that either prevent or allow access to resources once a user's identity already has been established. Once a user is logged in, they should have access only to those resources required to perform their duties

Example of SOD with respect to logical access control:

Different individuals are assigned access control for recording of a Cash transaction in the system, approval of transaction in the system and collection and deposition of Cash to bank.

2. SOD issue with respect to change management

Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business. The principle of SOD is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department.

The main risk factor of any change process is that the new systems and procedures will not work and leave the company worse off than before.

· Resistance. Resistance to change is a common risk factor. ...

· Leadership. Organizational change management requires leadership. ...

· Disruption. ...

· Forcing Change.

Example of SOD issue with respect to change management

Effective management of change provides a structured, consistent, and measurable change environment to be utilized across an organization and is a critical component in the success of its daily business. Its goal is to increase awareness and understanding of proposed changes across the organization and ensure that all changes are made in a thoughtful way that minimize negative impacts to services and customers. An organization should have a document that defines the implementation of Change Management procedures. The computing systems, networks, peripherals, and associated facilities are subject to continuous changes driven by new technology, evolving business requirements, changing contractual requirements, and growing regulatory policies. Effective change management applies to both systems and supporting infrastructure, and is a necessary component for the continuous success and growth of the organization.