Posted by: Robert Davis
SOD controls are designed to reduce opportunities for perpetrating and concealing errors, mistakes, omissions, irregularities, and illegal acts. SOD is a primary internal control measure utilized for manual and automated systems. An autonomous function for computer data entry may exist within an enterprise. However, even if the entity distributes data entry responsibility to employees, SOD should be maintained. Furthermore, origination, processing, verification, signoff, and distribution responsibilities should be monitored and evaluated for SOD control violations.
Protective measures should also be deployed to ensure information assets are maintained in a properly controlled and secured environment. Specifically, a physically and logically secure environment should exist at the GCC level. Regarding irregular and illegal acts, adequate IT personnel and inventory identification as well as access restrictions should be considered crucial controls. Pervasively, employing a competent information security manager can ensure continuous monitoring of general as well as application access.