In a finance and accounting system, if you have established a Separation of Duty (SoD) rule, is there ever a time when the rule should be broken to allow an SoD violation in the system? Please provide the rationale for your response.
The answer to the following question
It is a well-known theory and a top contributor for fraud activities which are taken part in the SOX Act. The challenge of achieving it is found more in the case of small and medium-sized companies, where there is a lack of advanced tools and managers do not have the expertise to manage this risk. So the internal audit team should work closely with the business and IT teams to segregate the duties and assign mitigation controls where the feasibility is not there. Also, monitoring of these activities has to be done and reported to senior management.
So for the remediation and assessment process, the following are the initiatives which are needed to determine and address SOD.
Phase 1: Gather a list of applicable SOD conflicts
So, to gather the list of SOD conflicts which can happen in any business, this can be achieved as follows:
Phase II: Analyze SOD Output
This can be performed manually or with the help of a tool. In case of using a tool, the following are the activities which should be followed:
Phase III: Remedy and Cleaning
Finally, everything is measured and a go-forward is given after a request is reviewed against the SOX matrix prior to implementing in the system.