Seperation of Duties 149
-
Where in SOX can I read about the seperation and/or segregation of duties? This is not geared towards auditors or attorneys directly…I am looking for general language.
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
James,
Both your question and SOX are vague in this area. SOX was not created on the basis for answering all the questions or variations between all companies Key Controls, rather it requires your company to establish its own standards and have those standards approved by its external auditing entity. I want to be of more help in answering your question, but there is no black and white answer for every company. Example; you have a company who collects cash from customers so the personnel collecting cash should not create the deposit slips, but you have smaller offices which are only staffed by 2 personnel and one of those people are out, then your segregation of duties is not present because the person collecting the cash is the one performing the deposit. The solution in this case is your detective controls you have in place to detect fraudulent behavior when the remote offices are understaffed due to illnesses. No ruling can ever be definitive for all public ally traded companies due to the diversity of our corporate world. I hope this has provided a little insight.
If someone does find a black and white answer withing SOX, please post it.
-
What Cassandra is pointing out is, to rethink your control strategy. Maybe seggregation of duty or a four-eye-principle is not sufficient within your situation. It might be better to e.g. rely on a preventiv automated control.
-
The key element here for SOX is really around your assessment of fraud. The core consideration is this: is the company taking reasonable steps to deter fraud?
I would suggest looking to the CFE (fraud auditors assoc) to come up to speed on common issues.
Best,
Toby Lucich