In the current business environment, establishing adequate segregation of duties has become one of the basic pillars of an effective internal control model, since it is essential for reducing the risk of errors and fraud. Having information systems with a suitable security scheme is not sufficient to mitigate the risk of fraud within the organization if functions are not adequately segregated. In recent years, software developers have been required to integrate robust security schemes that handle users, profiles and responsibilities; however, fraud is still being committed, taking advantage of the vulnerabilities of information systems. This is due in large part to inadequate segregation of duties.

How to control with intelligence

Segregation of duties aims to prevent an individual from having control over two or more phases of a transaction or operation. The responsibilities of authorizing transactions, recording those transactions and maintaining custody of assets (e.g. cash, inventories, fixed assets, etc.) are therefore assigned to different people, which reduces the opportunities for one person to be in a position to commit and conceal errors or fraud in the normal course of their duties. As a general rule, and it is our recommendation, the following functions must be separated between employees:

– recording and reconciliation
– management and custody of assets

A detailed supervisory review of the activities related to this scheme is fundamental and serves as a very effective additional control, especially when these functions cannot be separated, as in very small departments or organizations.
How to act against an incompatibility of functions

We suggest the following steps to implement an effective segregation of duties strategy:

Risk identification. At this stage, the transactions in the organization's processes that are sensitive and susceptible to fraud should be identified. In each case, it is important to indicate the risks involved if the same person has access to these transactions.

Identification of applications. This stage establishes the applications or modules with which each of the sensitive transactions is carried out.

Identification of conflicts. The objective of this stage is to use the information from the two previous stages to identify users with segregation of duties conflicts, according to their activities and their access to information systems.
From the point of view of information systems, it is important that they provide access levels that allow each user to access only those operations, parameters and activities that are consistent with their role in the organization.

Remediation and mitigation. At this stage, the changes necessary to reduce the risk of the sensitive transactions are proposed and carried out.

Monitoring. Once segregation of duties has been implemented, internal and external audit should conduct periodic audits to make sure that these definitions persist over time, and also to identify new conflicts and risks, because organizations are dynamic.
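
The conflict identification stage can be automated once the first two stages have produced their lists. The following is an added example, not part of the original article: the processes, applications, permission names and users are constructed sample data, and it assumes a conflict means one user holding two or more of the duties (authorize, record, custody) within the same process.

```python
from collections import defaultdict
from itertools import combinations

# Stages 1 and 2 (constructed sample data): each application permission is
# mapped to the sensitive process and the duty it lets a user perform.
PERMISSION_DUTY = {
    ("AP", "APPROVE_PAYMENT"): ("payments", "authorize"),
    ("GL", "POST_PAYMENT"): ("payments", "record"),
    ("TREASURY", "RELEASE_CASH"): ("payments", "custody"),
    ("WMS", "ADJUST_STOCK"): ("inventory", "custody"),
    ("GL", "POST_INVENTORY"): ("inventory", "record"),
}

# Constructed user access listing, as it might be exported from the applications.
USER_ACCESS = {
    "alice": [("AP", "APPROVE_PAYMENT"), ("GL", "POST_INVENTORY")],
    "bob": [("GL", "POST_PAYMENT"), ("TREASURY", "RELEASE_CASH")],
    "carol": [("AP", "APPROVE_PAYMENT"), ("GL", "POST_PAYMENT"),
              ("TREASURY", "RELEASE_CASH")],
    "dave": [("WMS", "ADJUST_STOCK"), ("HR", "VIEW_PAYSLIP")],
}

def find_conflicts(user_access, permission_duty):
    """Stage 3: return (user, process, duty_a, duty_b, permissions) for every
    user who holds two or more duties of the same sensitive process."""
    conflicts = []
    for user, perms in sorted(user_access.items()):
        held = defaultdict(lambda: defaultdict(set))  # process -> duty -> perms
        for perm in perms:
            if perm in permission_duty:  # permissions outside stage 1 are ignored
                process, duty = permission_duty[perm]
                held[process][duty].add(perm)
        for process, duties in sorted(held.items()):
            # Every pair of distinct duties in one process is one conflict.
            for a, b in combinations(sorted(duties), 2):
                conflicts.append(
                    (user, process, a, b, sorted(duties[a] | duties[b])))
    return conflicts

if __name__ == "__main__":
    for user, process, a, b, perms in find_conflicts(USER_ACCESS, PERMISSION_DUTY):
        print(f"{user}: {process}: {a} + {b} via {perms}")
```

Each reported tuple names the permissions that create the conflict, which is the input the remediation and mitigation stage needs; rerunning the same check on fresh access exports supports the monitoring stage.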