gopixa by Shutterstock segregation of duties, path going two ways

Segregation of Duties

The separation of duties concept prohibits the assignment of responsibility to one person for the acquisition of assets, their custody, and the related record keeping. For example, one person can place an order to buy an asset, but a different person must record the transaction in the accounting records. By separating duties, it is easier to prevent fraud, since at least two people would need to work together to do so - which is far less likely when compared to the situation where only one person is responsible for all aspects of accounting transaction. 

From risk management’s point-of-view, the distribution of tasks, such as review and approval, should be a part of the business process in financial and accounting systems. Supervisory review combined with easy internal controls reduces the risks associated with fraud and human errors. Role-setting combined with access controls allows the payment service to provide accurate and concurrent access rights – thus, individuals performing the same tasks have the same access rights, and internal audit controls are easier to make. User roles also help minimize the risk of inaccurate or excessively large access rights when compared to user-specific access rights that are more difficult to administer.

In order to ensure a complete audit trail of transactions in the payment service, the organization should ensure that every person participating in the payment process has their own unique ID, the worst-case scenario is sharing user ID:s and access rights. That old way of working significantly increases the risk of fraud and error.

Unique roles allow the system administrator to define the necessary rights to access information of the companies to which the user is required to access. This ensures transparency and compliance in financial processes.

The individual certification rights allow different processes for various types of payment materials. For example, when working with payment files, users who have the right to approve certain payment files can be specified and those files must always be approved by a “human”. For the most critical payment files, the business process could be set up to require multiple approvals by different key users.

Primary users that can make changes in settings should also be controlled. For example, one single user should not be able to make changes or have the permissions to for example set up new bank accounts in a multibank or corporate web bank system without an approval process from other named users. This limits the exposure to fraud and error in critical payment processes.

This is part of the banking solution, click here to learn more about Analyste Banking.

Latest blog posts

Cash flow forecasting reveals your company’s true liquidity
In simple terms, liquidity is the amount of cash you have available to pay the bills. In order to be prepared, organisations of all sizes must have...
Read More
Icy Roads and Currency Risks: Deja Vu All Over Again
The first snow seems to catch motorists off guard year after year here in the north. Bizarrely, the same seems to happen to companies facing...
Read More
Six reasons why every bank should offer a cash forecasting solution
A cash forecasting application done the right way is an excellent way for a bank to improve its cash management offering to corporate clients. Big...
Read More