The basic requirements of fraud are motivation and opportunity. Accordingly, the best opportunity a company can offer a fraudster is weak or nonexistent Segregation of Duties (SoD). SoD is a critical internal control aimed at limiting opportunities for abuse by a single person, such as requiring two signatures on a cheque or separating the creation and approval of sensitive transactions.
In today’s automated business processes, SoD is enforced through business applications and ERPs, making breakdowns in these controls difficult to detect. In other situations, SoD conflicts caused by insufficient staffing create a physical inability to properly segregate duties, and are exacerbated by poor or missing compensating controls, such as the segregation of authorization and approval, or of budgeting and actual reconciliation.
Even with mature ERP systems, issues can inadvertently arise that lead to SoD violations. These issues underline the need to confirm that preventative ERP controls are working and, just as importantly, to analyze SoD access in other systems both upstream and downstream from the ERP platform. This is especially true in companies that alter their processes and the rules governing SoD.
The CaseWare™ Monitor SoD solution enables Segregation of Duties to be monitored holistically, ensuring that user authorizations are properly compartmentalized regardless of the business application. As a secondary benefit, it provides assurance that interfaces between different systems and business operations are working correctly. Because CaseWare Monitor is a framework rather than an application-specific tool, it can easily adapt to business process changes. Notifications and workflow management are built into CaseWare Monitor, ensuring that issues receive proper attention and that their resolutions can be managed.
Within a common portal, all stakeholders can examine SoD holistically across the enterprise, allowing for greater transparency and fraud prevention.
Reduce SoD risk
Automated monitoring of SoD controls immediately recognizes violations and sends notifications to relevant personnel to ensure that the organization is not negatively impacted.