Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

PO4.11 - Segregation of Duties

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.11 - Segregation of Duties is contained within Process Popup Define the IT Processes, Organisation and Relationships

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
102 Members
0 Online
5242 Visits

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


Segregation of Duties

Implement a division of roles and responsibilities that reduces the possibility for a single individual to compromise a critical process. Make sure that personnel are performing only authorised duties relevant to their respective jobs and positions.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Effective and efficient functioning of business-critical systems and processes
  • Proper protection of information assets
  • Reduced risk of financial loss and reputational damage
  Risk Drivers
  • Inappropriate subversion of critical processes
  • Financial loss and reputational damage
  • Malicious or unintentional damages
  • Non-compliance with external requirements for segregation of materially significant systems and business processes

View Control Practices  help

Hide Control Practices  help

  1. Establish standards that enforce appropriate segregation of duties. Periodically review and update the standards.
  2. Identify and document conflicting functions, such as the ability to initiate, authorise, execute and verify transactions. Ensure that segregation of duties is enforced physically and logically where appropriate.
  3. Ensure that procedures address the maintenance of appropriate segregation of duties and responsibilities during periods when regular personnel are unavailable (e.g., vacations, illness or leaves of absence).
  4. Review the impact on segregation of duties and reassign responsibilities where necessary when job roles and responsibilities are created or updated as a result of changing business needs or reorganisation.
  5. Design and implement compensating controls (e.g., regular review of individuals’ activities by senior IT management) where the size or nature of the IT function precludes full segregation of duties.

Discussions: 4 total

Must be a Topic member to contribute
Does anyone have any references or experience with SOD as it applies to Healthcare Revenue Cycle SOD?  I'm looking to start an Revenue Cycle SOD effort with a Healthcare client and would like to find an existing starting point if one already exists.
Yuriy022 | 11/14/2016 12:32:44 PM | COMMENTS(0)
Hello: Does anyone have suggestions or ideas on the best way to perform Segregation of Duties in NetSuite? Thank you. Regards, Karen Andersen
Karen953 | 7/22/2016 8:15:40 AM | COMMENTS(0)
Dear all, I would like to get a piece of advice about strange suggestion that I received. I was invited to a meeting to discuss on the skippable scope for project audit under PMO(Project management office)  functions.You may pop up the question mark when ...
Kyeong Hee341 | 10/19/2015 1:46:08 PM | COMMENTS(1)
Hi! I read an article of the Journal (What Every IT Auditor Should Know About Proper Segregation of Incompatible IT Activities). AT the bottom of the article there's a figure (Sample Organization Chart Demonstrating Effectual Segregation of IT Duties). ...
Lia471 | 11/15/2012 1:16:49 PM | COMMENTS(0)

Documents & Publications: 174 total

Must be a Topic member to contribute
View All »
Downloads
Posted by FarmService 1264 days ago
Downloads
Posted by FarmService 2349 days ago
Books
Posted by ISACA 76 days ago
Books
Posted by ISACA 567 days ago

Events & Online Learning: 16 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
Miami, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 211 total

Volume 4, 2107
by Larry G. Wlosinski, CISA, CRISC, CISM, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL v3, PMP
The root causes of privacy incidents include the outsourcing of data, malicious insiders, system glitches, cyberattacks, and the failure to shred or dispose of privacy data properly.
Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 5, 2017
by Michael Werneburg, CIA, PMP
Service organizations with a bespoke application in a regulated industry have special challenges in addressing application vulnerabilities.
Volume 5, 2017
by T. Sean Kelly
Certain steps can be taken to build a strong respect for and practice of security into the cultural fabric of any organization, across all departments and areas of the business.
Volume 5, 2017
by Noman Sultan, Ph.D., CISM, CGEIT, CITP
It is extremely important that organizations invest in their leadership capabilities because leaders play an integral role in motivating, inspiring and influencing talent management.
Volume 4, 2017
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., Tim Huygh and Salvi Jansen
IT governance, also referred to as governance of enterprise IT (GEIT) or corporate governance of IT, is a subset of corporate governance that is concerned with enterprise IT assets.

Wikis: 2 total

Blog Posts: 175 total

With the advancement of technology, many people are engaged on Internet to perform their day to day online activities. One out ofthree people are now planning to conduct and promote their business throughonline, so it has become as a fastest way of commun...
Posted By : Chiranjibi492 | 0 comments
In todays emerging technology the protection of Information is critical. Protection of information means not only the confidential data that the business is stand on but each user who use, modify and share within is keenly important. The definition of con...
Posted By : SHAMU2015 | 0 comments
ProposalI will come straight to the point, every country is now connected to the Internet Of The Thing available to public to access to their personal data, order stuffs, book tickets, book hotel, open bank account, view personal account and play around o...
Posted By : SHAMU2015 | 0 comments
24 Aug 2017
The Mobile Maritime Hub 2009-2050 is an strategic plan that started in 2009, in Vilanova i La Geltrú, a coastal town, to promote maritime, nautical, fishing and scientific activities in a seaside region, by a properly use of the technological tools exist...
Posted By : ramoncod | 0 comments
Few days ago the person behind the Hacking Team hack revealed how he did it in pastebin - (the original in Spanish) https://pastebin.com/raw/GPSHF04A I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
Recently while reading through various cyber security threat feeds, I ran across a very interesting article describing ways to protect your identity and personal data.  In the article the author discussed "Understanding your data-protection and privacy ri...
Posted By : James948 | 0 comments