(22) Give examples of Segregation of Duties controls.

Answer: The following are some examples of segregation of duties controls:

(1) Transaction authorization:
  • The maker-checker concept requires two (or more) persons to approve certain transactions, so that the person who initiates a transaction cannot also approve it.
  • In IT applications, transactions meeting certain criteria (for example, exceeding normally accepted limits or conditions) may require a manager's approval before they can proceed.
(2) Split custody of high-value assets:
  • High-value assets can be protected using various means of split custody.
  • Banks do this for central vaults, where the vault combination is split into two or more pieces so that two or more people are required to open it.
  • Similarly, for critical applications, two or more passwords (held by different individuals) may be required for access.

(3) Workflow:
  • In workflow-type systems, extra management approval is required before administrative privileges are granted.
(4) Periodic reviews:
  • Periodic reviews are required to identify whether any segregation of duties issues exist.
  • The access privileges of each worker can be compared against a segregation of duties control matrix to detect conflicting duties held by one person.
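The following is an added illustration (not part of the original answer) of two of the controls listed above: the maker-checker authorization from item (1), including the manager-approval threshold, and the periodic comparison of access privileges against a segregation of duties control matrix from item (4). The duty names, the conflict pairs in the matrix, the approval limit, the users and their roles are all constructed for the example and do not come from any real system.

```python
"""Added example: maker-checker transaction authorization and a periodic
segregation-of-duties (SoD) review of access privileges against a control
matrix. All duties, conflict pairs, limits, users and roles are constructed."""
from dataclasses import dataclass, field

# Constructed SoD control matrix: each pair is a combination of duties that
# a single person must not hold at the same time.
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_journal", "post_journal"}),
    frozenset({"develop_code", "deploy_production"}),
}

# Constructed threshold: transactions above this amount need a manager as checker.
MANAGER_APPROVAL_LIMIT = 10_000


@dataclass
class Transaction:
    txn_id: str
    amount: int
    maker: str                      # user who entered the transaction
    checkers: list = field(default_factory=list)  # users who approved it


def conflicting_duties(user_duties):
    """Return the conflict pairs from the matrix that this user's duties cover."""
    held = set(user_duties)
    return {pair for pair in SOD_CONFLICTS if pair <= held}


def review_access(access_matrix):
    """Periodic review: map each user to the SoD conflicts found in their
    privileges. Users with no conflicts are omitted from the findings."""
    findings = {}
    for user, duties in access_matrix.items():
        conflicts = conflicting_duties(duties)
        if conflicts:
            findings[user] = sorted(tuple(sorted(pair)) for pair in conflicts)
    return findings


def authorize(txn, roles):
    """Maker-checker: at least one checker must be a different person from the
    maker; above the limit, at least one independent checker must hold the
    'manager' role. Returns (approved, reason)."""
    independent = [c for c in txn.checkers if c != txn.maker]
    if not independent:
        return False, "no independent checker"
    if txn.amount > MANAGER_APPROVAL_LIMIT and not any(
        "manager" in roles.get(c, ()) for c in independent
    ):
        return False, "amount exceeds limit; manager approval required"
    return True, "approved"


# Constructed sample access matrix and role assignments.
ACCESS = {
    "alice": ["create_vendor", "approve_payment"],                   # SoD conflict
    "bob":   ["enter_journal"],
    "carol": ["post_journal", "develop_code", "deploy_production"],  # SoD conflict
}
ROLES = {"alice": ("clerk",), "bob": ("clerk",), "dave": ("manager",)}

if __name__ == "__main__":
    print(review_access(ACCESS))
    print(authorize(Transaction("T1", 500, "bob", ["bob"]), ROLES))
    print(authorize(Transaction("T2", 25_000, "bob", ["alice"]), ROLES))
    print(authorize(Transaction("T3", 25_000, "bob", ["alice", "dave"]), ROLES))
```

Running the script reports alice and carol as holding conflicting duties, rejects a transaction the maker tried to check himself, rejects a large transaction checked only by a clerk, and approves it once a manager is among the checkers. In a real review the access matrix would be exported from the application's user administration and the conflict pairs would come from the organisation's own SoD matrix.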