Laserfiche WebLink
Sarbanes -Oxley <br />(SOX) <br />Segregation of Duties <br />Matrix <br />CHAPTER 2: INTERNAL CONTROL CRITERIA <br />"Recommendation... Depositing of Funds for Services: <br />Remote cash and cheque collection points should be <br />established where appropriate customer service benefits are <br />evident. Documented internal controls need to be established <br />with such collection points. The ultimate remittance or deposit <br />of such collection receipts should be documented and <br />systematically performed by the applicable officials..." <br />"A fundamental element of internal control is the segregation of <br />certain key duties. The basic idea underlying segregation of duties <br />is that no employee or group should be in a position both to <br />perpetrate and to conceal errors or fraud in the normal course of <br />their duties. In general, the principal incompatible duties to be <br />segregated include: <br />• Custody of assets. <br />• Authorization or approval of related transactions affecting <br />those assets. <br />• Recording or reporting of related transactions. <br />• Execution of the transaction or transaction activity." <br />"Separation of Duties for Access Control Enforcement in Workflow <br />Environments ", R.A. Botha and J.H.P. Eloff, IBM Systems Journal, <br />Volume 40, Issue 3, March 2001 <br />"Separation of duty, as a security principle, has as its primary <br />objective the prevention of fraud and errors. This objective is <br />achieved by disseminating the tasks and associated privileges for <br />a specific business process among multiple users. This principle is <br />demonstrated in the traditional example of separation of duty <br />found in the requirement of two signatures on a check." <br />9 <br />