Share
Explore BrainMass

Separtion of Duties for IT

To achieve effective separation of duties within a company's IT environment, the company's accounting and information processing subsystems should be separate from the departments that use data and perform operational activities.

Discuss some of the ways this " separation of duties " is achieved.

Solution Preview

The following information will assist you in how "separation of duties" is achieved. The author, Kevin G. Coleman is a 15-year veteran of the computer industry. A Kellogg School of Management executive scholar, he was the former chief strategist of Netscape Communications Corp. He is now a senior fellow at The Technolytics Institute Inc., an executive think tank.

The key to data security: Separation of duties

"Separation of duties is a key concept of internal controls. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people.

The term SoD is widely used in financial accounting systems. Companies in all sizes understand the importance of not combining roles such as receiving checks (payment on account), approving write-offs, depositing cash and reconciling bank statements, approving time cards, and having custody of paychecks.

Separation of duties is a common policy when people are handling money so that fraud requires collusion of two or more parties. This greatly reduces the likelihood of crime. Information should be handled in the same way. It is therefore imperative that an organization be designed so that no person acting alone can compromise security controls.

SoD is fairly new to the IT organization, but ...

Solution Summary

The solution discusses effective separation of duties within a company's IT environment, the company's accounting and information processing subsystems should be separate from the departments that use data and perform operational activities and ways this " separation of duties " is achieved.

$2.19