By definition, Segregation of Duties (SOD), also known as Segregation of Functions, is the method that helps to ensure task integrity through sustainable risk management and internal controls for mapping and assignment of essential functions to employees.
Based on the co-participation of responsibilities, SOD allows companies to develop a culture of transparency and efficiency by assigning critical functions to different people or teams. In addition, it enables improved risk and fraud management.
What does that mean?
The main objective of SOD methods and policies is preventing conflicts of interest among employees, duties or areas. The prevention is guided by the methodology principles, enabling the identification of the individual responsible for each function, which can avoid illegal acts, thus ensuring compliance in the organizations.
Companies are expected to adopt the appropriate SOD solutions, considering the segregation of duties among individuals or their groups. There are three different types of application:
- SoD by individuals (individual–level SoD) – This is the traditional and most basic level of segregation. In this case, SoD is accomplished by having different duties performed by different individuals.
- SoD by functions or organizational units (unit-level SoD) – At this level, different functions – for example, departments – perform the separated duties.
- SoD by companies (company-level SoD) – This level requires different legal entities to perform the operations.
How to build an SOD structure within a company
The first step to implement SOD methods is developing a matrix with potential conflicts. The next step is analyzing each point and highlighting risks and impacts of the conflicts of interest.
After that, it is possible to create a methodology to detect residual risks, so that the company can identify those to be addressed. Based on these data, it is time to select and implement internal controls to mitigate the risk of fraud and illegal acts.
Then, the recommendation is segregating functions, when feasible, by redesigning the roles of each employee or third party in an appropriate manner.
Last, but not least, it is worth evaluating the access profiles, checking whether they reflect the conflicts described in the SOD matrix in order to redesign them, if required, and thus mitigate the potential risks.
As SOD is an internal control, the organization is expected to include it in the risk management activities, by analyzing business processes in detail and making choices about detection and resolution of potential conflicts.
Ultimately, if any conflict persists, the recommendation is implementing compensating controls to properly manage the associated risks. Most importantly, SOD requires the company to have a clear understanding of the individuals involved with each function, their roles and any potential conflicts.
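The steps above, as an added example that is not part of the original article or of any product it mentions: a small Python check that evaluates access profiles and user assignments against an SOD matrix and separates open conflicts from those covered by a compensating control. All duty, profile, user and control names are constructed for illustration.

```python
# Constructed sample data (assumptions). SOD matrix: conflicting duty pairs -> risk.
SOD_MATRIX = {
    frozenset({"create_vendor", "approve_payment"}): "fictitious vendor payment",
    frozenset({"create_purchase_order", "approve_purchase_order"}): "self-approved purchase",
}

# Access profiles (roles) and the duties each one grants.
PROFILES = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_manager": {"approve_payment"},
    "buyer": {"create_purchase_order", "approve_purchase_order"},
}

# Profiles held by each employee or third party.
ASSIGNMENTS = {
    "alice": {"ap_clerk", "ap_manager"},
    "bob": {"buyer"},
    "vendor_x_contractor": {"ap_clerk"},
}

# Conflicts accepted with a documented compensating control: (user, conflict) -> control.
COMPENSATING = {
    ("alice", frozenset({"create_vendor", "approve_payment"})): "monthly vendor-master review",
}

def conflicts_in(duties):
    """Return the SOD matrix pairs fully contained in a set of duties."""
    return [pair for pair in SOD_MATRIX if pair <= duties]

def profile_conflicts():
    """Profiles that conflict by design and are candidates for redesign."""
    return {name: conflicts_in(d) for name, d in PROFILES.items() if conflicts_in(d)}

def user_conflicts():
    """Per user: conflicts across all held profiles, split into open and mitigated."""
    report = {}
    for user, roles in ASSIGNMENTS.items():
        duties = set().union(*(PROFILES[r] for r in roles))
        found = conflicts_in(duties)
        if found:
            report[user] = {
                "open": [p for p in found if (user, p) not in COMPENSATING],
                "mitigated": [p for p in found if (user, p) in COMPENSATING],
            }
    return report

if __name__ == "__main__":
    print(profile_conflicts(), user_conflicts(), sep="\n")
```

The profile-level result shows where a role itself needs redesign, while the user-level result catches conflicts that only appear when one person holds several individually clean profiles.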
CAP2AM is an Identity Governance and Administration (IG&A) solution that establishes an integrated and effective flow among the main corporate systems and resources, ensuring a full synergy among governance, usability, integration and auditing.