PO4.11 - Segregation of Duties

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO4.11 - Segregation of Duties is contained within process PO4, Define the IT Processes, Organisation and Relationships.



Segregation of Duties

Implement a division of roles and responsibilities that reduces the possibility for a single individual to compromise a critical process. Make sure that personnel are performing only authorised duties relevant to their respective jobs and positions.


Value Drivers

  • Effective and efficient functioning of business-critical systems and processes
  • Proper protection of information assets
  • Reduced risk of financial loss and reputational damage

Risk Drivers

  • Inappropriate subversion of critical processes
  • Financial loss and reputational damage
  • Malicious or unintentional damages
  • Non-compliance with external requirements for segregation of materially significant systems and business processes


  1. Establish standards that enforce appropriate segregation of duties. Periodically review and update the standards.
  2. Identify and document conflicting functions, such as the ability to initiate, authorise, execute and verify transactions. Ensure that segregation of duties is enforced physically and logically where appropriate.
  3. Ensure that procedures address the maintenance of appropriate segregation of duties and responsibilities during periods when regular personnel are unavailable (e.g., vacations, illness or leaves of absence).
  4. Review the impact on segregation of duties and reassign responsibilities where necessary when job roles and responsibilities are created or updated as a result of changing business needs or reorganisation.
  5. Design and implement compensating controls (e.g., regular review of individuals’ activities by senior IT management) where the size or nature of the IT function precludes full segregation of duties.
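Control practices 2 through 4 describe a check that can be run mechanically over an identity system: resolve each user's effective roles, map roles to the initiate/authorise/execute/verify functions of each process, and flag any user who holds a conflicting pair, including through a temporary delegation granted while a colleague is away. The code below is an added example written for this page, not COBIT or ISACA material; the conflict policy, role names, process name and users are constructed assumptions, and the date arithmetic treats delegations as inclusive of their start and end dates.

```python
"""Added example: detecting segregation-of-duties conflicts in role assignments.

Illustrative code, not part of COBIT or the ISACA page. The conflict policy,
role names and sample users below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from itertools import combinations

# Pairs of transaction-lifecycle functions (control practice 2) that one
# person must not hold for the same process. Illustrative policy; a real
# SoD standard (control practice 1) defines and periodically reviews this set.
CONFLICTING_PAIRS = {
    frozenset({"initiate", "authorise"}),
    frozenset({"authorise", "execute"}),
    frozenset({"execute", "verify"}),
    frozenset({"initiate", "verify"}),
}

# Role -> entitlements as (process, function). Constructed sample data.
ROLES = {
    "ap_clerk": {("vendor_payment", "initiate")},
    "ap_manager": {("vendor_payment", "authorise")},
    "treasury": {("vendor_payment", "execute")},
    "gl_reviewer": {("vendor_payment", "verify")},
    # A role that both pays and reconciles conflicts with itself.
    "payments_admin": {("vendor_payment", "execute"), ("vendor_payment", "verify")},
}

# Permanent user -> roles. Constructed sample data.
ASSIGNMENTS = {
    "alice": {"ap_manager"},
    "bob": {"ap_clerk"},
    "carol": {"treasury"},
    "dave": {"gl_reviewer"},
}


@dataclass(frozen=True)
class Delegation:
    """Temporary role grant covering an absent colleague (control practice 3)."""
    user: str
    role: str
    start: date
    end: date  # inclusive


# Bob covers for Alice while she is on leave. Constructed sample data.
DELEGATIONS = [Delegation("bob", "ap_manager", date(2017, 8, 7), date(2017, 8, 18))]


@dataclass(frozen=True)
class Violation:
    user: str
    process: str
    functions: frozenset  # the conflicting pair of functions
    roles: frozenset  # the roles that together grant them


def _conflicts(functions):
    """Yield every conflicting pair among a collection of function names."""
    for a, b in combinations(sorted(functions), 2):
        if frozenset({a, b}) in CONFLICTING_PAIRS:
            yield a, b


def effective_roles(user, assignments, delegations, on):
    """Roles a user holds on a given date: permanent plus active delegations."""
    roles = set(assignments.get(user, ()))
    roles.update(d.role for d in delegations if d.user == user and d.start <= on <= d.end)
    return roles


def role_conflicts(roles=ROLES):
    """Control practice 4: roles whose own entitlements are a toxic combination."""
    bad = {}
    for role, entitlements in roles.items():
        by_process = {}
        for process, function in entitlements:
            by_process.setdefault(process, set()).add(function)
        for process, functions in by_process.items():
            for a, b in _conflicts(functions):
                bad.setdefault(role, set()).add((process, frozenset({a, b})))
    return bad


def find_violations(assignments, delegations, on, roles=ROLES):
    """Users who, on the given date, hold a conflicting pair of functions for one process."""
    violations = []
    users = sorted(set(assignments) | {d.user for d in delegations})
    for user in users:
        # process -> function -> roles granting that function
        grants = {}
        for role in effective_roles(user, assignments, delegations, on):
            for process, function in roles[role]:
                grants.setdefault(process, {}).setdefault(function, set()).add(role)
        for process, by_function in grants.items():
            for a, b in _conflicts(by_function):
                violations.append(Violation(user, process, frozenset({a, b}),
                                            frozenset(by_function[a] | by_function[b])))
    return violations


if __name__ == "__main__":
    print("roles conflicting with themselves:", role_conflicts())
    for day in (date(2017, 8, 10), date(2017, 9, 1)):
        print(day, find_violations(ASSIGNMENTS, DELEGATIONS, day))
```

Run against the sample data, the check reports no violations on a date outside the delegation window, but on 10 Aug 2017 Bob can both initiate and authorise vendor payments through the combination of his permanent ap_clerk role and the delegated ap_manager role; that is exactly the situation control practice 3 asks procedures to anticipate, and control practice 5 is where a compensating control (for example, management review of payments Bob both raised and approved) would be recorded if the delegation cannot be avoided. The role-level check separately flags payments_admin as a role that should not exist in that shape.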

Discussions: 4 total

Does anyone have any references or experience with SOD as it applies to Healthcare Revenue Cycle SOD? I'm looking to start a Revenue Cycle SOD effort with a Healthcare client and would like to find an existing starting point if one already exists.
Yuriy022 | 11/14/2016 12:32:44 PM | COMMENTS(0)
Hello: Does anyone have suggestions or ideas on the best way to perform Segregation of Duties in NetSuite? Thank you. Regards, Karen Andersen
Karen953 | 7/22/2016 8:15:40 AM | COMMENTS(0)
Dear all, I would like to get a piece of advice about strange suggestion that I received. I was invited to a meeting to discuss on the skippable scope for project audit under PMO(Project management office)  functions.You may pop up the question mark when ...
Kyeong Hee341 | 10/19/2015 1:46:08 PM | COMMENTS(1)
Hi! I read an article of the Journal (What Every IT Auditor Should Know About Proper Segregation of Incompatible IT Activities). At the bottom of the article there's a figure (Sample Organization Chart Demonstrating Effectual Segregation of IT Duties). ...
Lia471 | 11/15/2012 1:16:49 PM | COMMENTS(0)


Events & Online Learning: 18 total

16 Mar 2015: ISACA International Event, Orlando, FL, USA
15 Jun 2015: ISACA International Event, Ciudad de México, Mexico
21 Sep 2015: ISACA International Event, Miami, FL, USA
21 Sep 2015: ISACA International Event, 06010 Mexico City, Panama (La Conferencia Latinoamericana CACS/ISRM)
9 Nov 2015: ISACA International Event, Copenhagen, Denmark. Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 206 total

Volume 4, 2017
by Larry G. Wlosinski, CISA, CRISC, CISM, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL v3, PMP
The root causes of privacy incidents include the outsourcing of data, malicious insiders, system glitches, cyberattacks, and the failure to shred or dispose of privacy data properly.
Volume 3, 2017
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 4, 2017
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., Tim Huygh and Salvi Jansen
IT governance, also referred to as governance of enterprise IT (GEIT) or corporate governance of IT, is a subset of corporate governance that is concerned with enterprise IT assets.
Volume 4, 2017
by Mathew Nicho, Ph.D., CEH, CIS, ITIL Foundation, RWSP, SAP, Shafaq Khan, Ph.D., CIS, PMBOK, PMP, SAP and Ram Mohan, CRISC, CISM, CGEIT, ISO 27001
The Emirates National Oil Company embarked on an initiative to realize value out of IT assets through Information Technology Infrastructure Library (ITIL) process implementation.
Volume 4, 2017
by ISACA | Reviewed by Ravi Ayappa, Ph.D., CISA, CRISC, CISM
Transforming Cybersecurity is a useful handbook for any cyber security practitioner, information security manager (ISM) or IT auditor.
Volume 4, 2017
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, BS 25999 LA, CCNA, CEH, ISO 27001 LA, MCP, MCTS, VCP
In this article, the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 27001:2013 standard is introduced briefly and compared to ISO/IEC 27001:2005.


Blog Posts: 169 total

The demand for banking services over the Internet, a product of the emergence of new needs among consumers attracted by the technology boom, keeps financial institutions at a crossroads in which they must balance the ...
Posted By : Gerardo Zuñiga | 1 comments
Places where the relevant principles of COBIT map to COSO 2013 principles* are marked as Yes. ...
Posted By : Sugandh | 0 comments
Surely we have all heard news in recent months about cyberattacks and the impact they have had on different industries and companies. The latest of them, called "WannaCry", has been considered one of the largest ...
Posted By : Rene372 | 0 comments
Lately I have received a number of questions and concerns around NIST 800-171, so I wanted to write a quick brief on what you need to know. What is NIST 800-171? This is a special publication released by the National Institute of Standards and Technology (NI...
Posted By : Justin238 | 1 comments
Ransomware is a form of malware and is engineered to infect your personal computer and restrict access in some way, while demanding payment or ransom to remove the restriction. First identified in 1989 under the name of PC Cyborg, today there are over 2...
Posted By : Robert658 | 1 comments
30 Mar 2017
When you think about your company's information security, the biggest image that comes to mind is: if my storage device crashed; if my FlashCopy on another storage device crashed too; if my backup tape was in flames; if my archive data was missing; if my sec...
Posted By : MGPlay | 0 comments