Segregation of Duties

Previous page
Table of content
Next page

Segregation of duties is an important means by which fraudulent or malicious acts can be discouraged or prevented.

A common example of improper segregation of duties is allowing a single person within operations or the help desk to have the responsibility of ordering hardware/software, receiving and managing asset or inventory control. This type of structure could allow a single person to order and receive IT equipment without adding it to the asset-control system and, therefore, creates the opportunity for theft of equipment. In small organizations in which proper segregation of duties is not possible, the IT department must set up compensating controls. In this instance, the IT department could institute a daily/weekly review of all orders by a manager, to ensure that equipment is being added to the asset-control system.

The structure of the organization must consider segregation of incompatible duties, keeping in mind that segregation between operations and programming, as an example, might not be possible in smaller environments. The use of compensating controls, such as audit trails, might be acceptable to mitigate the risk that exists because of improper segregation of duties. IT functions such as systems development, computer operations, and security should be segregated.


The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.



Previous page
Table of content
Next page
Exam Cram 2. CISA
Cisa Exam Cram 2
ISBN: B001EEFNHG
EAN: N/A
Year: 2005
Pages: 146
BUY ON AMAZON
Beginning Cryptography with Java
Absolute Beginner[ap]s Guide to Project Management
CISSP Exam Cram 2
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Introduction to 80x86 Assembly Language and Computer Architecture
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy