The separation of duties for high-risk transactions.

A fundamental component of internal control is the separation of duties for high-risk transactions. The underlying concept is that no individual should be able to execute a high-risk transaction, conceal errors, or commit fraud in the normal course of their duties.

You can apply separation of duties at either a transactional or an organizational level. For example, payroll has access to employee financial records, but only payroll managers can approve raises.

Answer the following question(s):

How do you define a high-risk transaction?
If you were a security professional in a company, what are four roles (two sets of two related roles) you would separate and why?