I am sharing my response on Separation of duties.
1. Why should duties be segregated?
Segregation of duties (SOD) aids in managing conflict of interest and fraud within the organization.
• SOD ensures that the power held by one individual is restricted.
• SOD helps in maintaining a record of who controls and grants access to information, which helps in risk management for the organization.
• SOD helps in streamlining the tasks between different departments and makes it easy to catch errors and, most importantly, Intellectual Property conflicts.
• Streamlining the tasks also ensures that the tasks are efficient and cost-efficient as well.
2. How can management determine if duties are properly segregated?
It easy to implement proper duty segregation; their customizable workflows often make it easier for users to falsify accounting records, make illegal payments, and access and steal sensitive data. Segregation of duties may be easier to achieve in larger organizations with bigger budgets and more comprehensive staffing; for smaller companies with limited personnel and resources, it can present a challenge.
3. What if management has inadequate staff to properly segregate all duties?
Smaller units may not be able to obtain the ideal system of four employees each performing one of the four different duties. In these instances, mitigating controls can be used to decrease risk.
4. Find and share an example (news article online) where the separation of duties would have prevented an insider threat from exploiting a system. Describe how you would have prevented this incident.
Insider threat has become a significant issue. There have been considerably more reported insider threat incidents over the past few years. According to the 2009 e-Crime Watch Survey in which 523 organizations were involved, 51% of the organizations experienced an insider attack, which increased from 39% three years ago.3 Since these were only reported incidents of attacks, it is likely more than 51% of organizations experience such attacks. From the recent Cyber-Ark Global Survey conducted in the spring of 2011 with 1,422 IT staff and C-level professionals, 16% of the surveyed individuals believe that insiders have stolen highly sensitive and valuable intellectual property, such as customer lists and product information, which have been transferred or sold to the organizations’ competitors.
As the business grows, so does the increase in levels of hierarchy of the company. This shows that any task cannot be done by a single individual; if done so, that consumes most of the time to complete an operation. So segregation of duties creates an ease in business processes to get the tasks done efficiently and effectively and exposes the risks involved in any particular task that is being carried out in any organization by a single employee. For example, if transaction, billing and closing for a particular task are done by a single individual, there is a risk factor involved of that individual exploiting the system, which can go unnoticed by any other employee or employer of the company. So any duty should be done by more than a single individual so that the errors can be caught and internal fraud in the business prevented. Duties can also be segregated to assure that the transactions are correct, reported with accuracy and adhering to the rules and regulations of the company.
Management and its review to determine proper segregation of duties
Management can record the end results of both prior to separation of duties and post separation of duties and perform a final assessment to determine if duties are properly segregated or not.
Challenges of management having inadequate staff
Not all processes require highly qualified personnel. So, few duties may just be mitigated by imbibing mitigation controls in the system. Duties which can give us the least risk can be reduced by introducing mitigation controls into the system.
Real time scenario and views on it
In May 2013, Edward Snowden's whistleblowing regarding NSA (National Security Agency) documents can be taken as an example of a threat to the NSA that might have been mitigated if proper prior strategies like segregation of duties had been put into its system. According to ABC News, "Snowden was earlier appointed as a contractor with NSA who managed to download and steal an estimated 1.7 million confidential files". According to an article from Reuters, the international news agency, the Russian President said that “Snowden leaking the secrets is wrong but he is not a traitor”.
The leak created direct or indirect knowledge gain among the public regarding the NSA surveillance operations.
President Obama then urged to segregate a panel consisting of 5 experts to deal with the issue. The panel prepared a 300-page report for the President with 46 recommendations, which were far-reaching.
To conclude, I would recommend being proactive instead of being reactive to the issue by practising strong internal controls, applying transparency in organizational processes, segregation of duties for all the tasks that are being performed in its operations, and implementing employee evaluation practice under scrutiny to avoid internal threats in the organization.
In regards to separation of duties (from your readings), answer the following questions:
· Why should duties be segregated?
· How can management determine if duties are properly segregated?
· What if management has inadequate staff to properly segregate all duties?
· Find and share an example (news article online) where separation of duties would have prevented an insider threat from exploiting a system. Describe how you would have prevented this incident.
For this week, you need to respond to 2 of your peers' initial responses. Your replies need to be more than 1 or 2 sentences to obtain credit for posting. Describe how you agree or disagree with their post. Add to their post, but do not attack their position. In your reply, support how your peer would have prevented the incident they presented, or another method for preventing the insider threat. Be sure to describe your solution. In total, you need to have more than 3 posts (your initial and 2 replies to receive full credit).