
PO4.11 - Segregation of Duties

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.11 - Segregation of Duties is contained within process PO4 Define the IT Processes, Organisation and Relationships.



Segregation of Duties

Implement a division of roles and responsibilities that reduces the possibility for a single individual to compromise a critical process. Make sure that personnel are performing only authorised duties relevant to their respective jobs and positions.


Value Drivers

  • Effective and efficient functioning of business-critical systems and processes
  • Proper protection of information assets
  • Reduced risk of financial loss and reputational damage

Risk Drivers

  • Inappropriate subversion of critical processes
  • Financial loss and reputational damage
  • Malicious or unintentional damage
  • Non-compliance with external requirements for segregation of materially significant systems and business processes


  1. Establish standards that enforce appropriate segregation of duties. Periodically review and update the standards.
  2. Identify and document conflicting functions, such as the ability to initiate, authorise, execute and verify transactions. Ensure that segregation of duties is enforced physically and logically where appropriate.
  3. Ensure that procedures address the maintenance of appropriate segregation of duties and responsibilities during periods when regular personnel are unavailable (e.g., vacations, illness or leaves of absence).
  4. Review the impact on segregation of duties and reassign responsibilities where necessary when job roles and responsibilities are created or updated as a result of changing business needs or reorganisation.
  5. Design and implement compensating controls (e.g., regular review of individuals’ activities by senior IT management) where the size or nature of the IT function precludes full segregation of duties.
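Control practice 2 asks for a documented list of conflicting functions and for logical enforcement of it, practice 3 warns that coverage arrangements during absences can quietly break the segregation, and practice 5 accepts a compensating control (review of activity) where a conflict cannot be removed. All three reduce to checks that can be run against an identity system's role data and a transaction log. The following is an added example written for this topic, not ISACA or COBIT material; every user, role, entitlement, rule, transaction and compensating control in it is constructed for illustration.

```python
"""SoD conflict detection over role assignments, plus a detective check over
transactions. Added example for this topic, not ISACA or COBIT code; every
name, rule and record below is constructed for illustration."""
from itertools import combinations

# Practice 2: documented conflicting functions. Each rule is a pair of
# entitlements one person must not hold together (hypothetical names).
CONFLICT_RULES = {
    frozenset({"payment.initiate", "payment.authorise"}),
    frozenset({"payment.authorise", "payment.execute"}),
    frozenset({"payment.execute", "payment.verify"}),
    frozenset({"payment.initiate", "payment.verify"}),
}

# Role model: which entitlements each role carries, and which roles each user has.
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"payment.initiate"},
    "ap_manager": {"payment.authorise"},
    "treasury_ops": {"payment.execute"},
    "reconciliation": {"payment.verify"},
}
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_manager", "treasury_ops"},  # toxic combination reached via two roles
    "carol": {"reconciliation"},
    "dave": {"ap_clerk"},
}
# Practice 3: a direct grant made to cover an absent colleague bypasses the
# role model, so the check must include it.
DIRECT_GRANTS = {"dave": {"payment.authorise"}}

# Practice 5: documented compensating controls for conflicts that cannot be removed.
COMPENSATING_CONTROLS = {"dave": "weekly review of dave's authorisations by the controller"}


def effective_entitlements(user):
    """Union of role-derived and directly granted entitlements for one user."""
    ents = set()
    for role in USER_ROLES.get(user, ()):
        ents |= ROLE_ENTITLEMENTS.get(role, set())
    return ents | DIRECT_GRANTS.get(user, set())


def find_conflicts():
    """Preventive check: map each user to the conflict pairs they hold in full."""
    conflicts = {}
    for user in sorted(set(USER_ROLES) | set(DIRECT_GRANTS)):
        ents = effective_entitlements(user)
        hits = sorted(tuple(sorted(rule)) for rule in CONFLICT_RULES if rule <= ents)
        if hits:
            conflicts[user] = hits
    return conflicts


def unmitigated_conflicts():
    """Conflicts with no documented compensating control: these need reassignment."""
    return {u: c for u, c in find_conflicts().items() if u not in COMPENSATING_CONTROLS}


# Detective check: even with clean role assignments, look at who actually
# performed each step of a transaction.
STEP_ENTITLEMENT = {
    "initiated_by": "payment.initiate",
    "authorised_by": "payment.authorise",
    "executed_by": "payment.execute",
    "verified_by": "payment.verify",
}


def transaction_violations(transactions):
    """List (tx_id, actor, step_a, step_b) where one person did two conflicting steps."""
    findings = []
    for tx in transactions:
        for step_a, step_b in combinations(STEP_ENTITLEMENT, 2):
            actor = tx.get(step_a)
            if actor is None or actor != tx.get(step_b):
                continue
            pair = frozenset({STEP_ENTITLEMENT[step_a], STEP_ENTITLEMENT[step_b]})
            if pair in CONFLICT_RULES:
                findings.append((tx["id"], actor, step_a, step_b))
    return findings


# Constructed transaction records for the detective check.
SAMPLE_TRANSACTIONS = [
    {"id": "T1", "initiated_by": "alice", "authorised_by": "bob", "executed_by": "bob"},
    {"id": "T2", "initiated_by": "dave", "authorised_by": "dave", "executed_by": "bob",
     "verified_by": "carol"},
    {"id": "T3", "initiated_by": "alice", "authorised_by": "dave", "executed_by": "bob",
     "verified_by": "carol"},
]

if __name__ == "__main__":
    for user, pairs in find_conflicts().items():
        print(f"{user}: {pairs}")
    print("unmitigated:", sorted(unmitigated_conflicts()))
    for finding in transaction_violations(SAMPLE_TRANSACTIONS):
        print("violation:", finding)
```

The preventive check belongs at provisioning time (and in the periodic review of practice 1), the detective check belongs in the activity review that practice 5 names as a compensating control. In the constructed data, bob's conflict comes from two individually harmless roles, which is why the check must work on effective entitlements rather than on role names, and dave's conflict comes from a coverage grant of the kind practice 3 describes; it is tolerated only because a compensating control is recorded against it, and the transaction check still catches the case where he both initiated and authorised a payment.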

Discussions: 4 total

Does anyone have any references or experience with SOD as it applies to Healthcare Revenue Cycle SOD? I'm looking to start a Revenue Cycle SOD effort with a Healthcare client and would like to find an existing starting point if one already exists.
Yuriy022 | 11/14/2016 12:32:44 PM | COMMENTS(0)
Hello: Does anyone have suggestions or ideas on the best way to perform Segregation of Duties in NetSuite? Thank you. Regards, Karen Andersen
Karen953 | 7/22/2016 8:15:40 AM | COMMENTS(0)
Dear all, I would like to get a piece of advice about a strange suggestion that I received. I was invited to a meeting to discuss the skippable scope for project audit under PMO (Project Management Office) functions. You may pop up the question mark when ...
Kyeong Hee341 | 10/19/2015 1:46:08 PM | COMMENTS(1)
Hi! I read an article in the Journal (What Every IT Auditor Should Know About Proper Segregation of Incompatible IT Activities). At the bottom of the article there's a figure (Sample Organization Chart Demonstrating Effectual Segregation of IT Duties). ...
Lia471 | 11/15/2012 1:16:49 PM | COMMENTS(0)

Documents & Publications: 178 total


Events & Online Learning: 18 total

16 Mar 2015, ISACA International Event, Orlando, FL, USA
15 Jun 2015, ISACA International Event, Ciudad de México, Mexico
21 Sep 2015, ISACA International Event, Miami, FL, USA
21 Sep 2015, ISACA International Event, 06010 Mexico City, Panama: La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015, ISACA International Event, Copenhagen, Denmark: EuroCACS/ISRM. Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 199 total

Volume 3, 2017, by Indrajit Atluri, CRISC, CISM, CEH, CISSP, CSSLP, HCISPP, ITILv3: The resolve to address IoT device security at various levels (hardware and software, government and enterprise, consumers and services) is widespread.

Volume 3, 2017, by Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP: What are the threats associated with the use of the Internet of Things (IoT) and what approach should one take in implementing security for IoT?

Volume 3, 2017, by Sakthivel Rajendran, CISA, CRISC, CISM, CEH, GMOB: In today's age of bring your own device (BYOD), the smartphone is one of the preferred mobile devices for accessing enterprise information.

Volume 3, 2017, by Sivarama Subramanian, CISA, and Balaji Swaminathan M., CISA, CISSP: During the Internet of Things (IoT) Village held at the DEF CON security conference in August 2016, 47 new vulnerabilities affecting 23 IoT devices from 21 manufacturers were disclosed.

Volume 3, 2017, by Kurt Kincaid, CISA, Lean Six Sigma Green Belt: What follows is a discussion of the nature of HTTPS, how it should be configured, and how to remotely assess that configuration for oneself, rather than relying on verbal or written attestation from server or application administrators.

Volume 2, 2017, by Trevor J. Dildy, CCNA: Today's enterprises have solutions in place to help with the detection and management of their information systems vulnerabilities, especially as they relate to system software and firmware.

Wikis: 2 total

Blog Posts: 169 total

Surely we have all heard news in recent months about cyber attacks and the impact they have had on different industries and companies. The latest of these, named "WannaCry", has been considered one of the biggest attacks ...
Posted By : Rene372 | 0 comments

Lately I have received a number of questions and concerns around NIST 800-171, so I wanted to write a quick brief on what you need to know. What is NIST 800-171? This is a special publication released by the National Institute of Standards and Technology (NI...
Posted By : Justin238 | 1 comment

Ransomware is a form of malware and is engineered to infect your personal computer and restrict access in some way, while demanding payment or ransom to remove the restriction. First identified in 1989 under the name of PC Cyborg, today there are over 2...
Posted By : Robert658 | 1 comment

30 Mar 2017
When you think about your company's information security, the worst images come to mind: if my storage device crashed; if my flash copy on the other storage device crashed too; if my backup tape was in flames; if my archived data was missing; if my sec...
Posted By : MGPlay | 0 comments

Senior Manager: ultimate responsibility
Information Security Officer: functional responsibility
Security Analyst: strategic, develops policies and guidelines
Owner: responsible for the asset; determines the level of clas...
Posted By : Muhammad554 | 0 comments

Internal IT management. Keeping the entire IT structure in-house, without subcontracting, can produce an accumulation of problems that are difficult for a single organisation to manage. Partnerships with counterparts. When working on a joint project with a...
Posted By : Gladys789 | 0 comments