4-eyes principles



  • Is there such a rule in the SOX requirement named ‘4-eyes principles’? I have this scenario:
    In my company, the marketing guys take care of keying the selling price in the system. However, there is a recommendation from our internal auditor saying that ‘one who keys in the price cannot release the price as it fails to meet the 4-eyes principle’. This has triggered a possibility to push the entering of price to the Salesman.
    The question is that Sales is liaising with customers directly, and won’t it have a conflict of interest where pricing is concerned?



  • If you have read any of the other topics on this forum you will probably have gathered that there are no specific detailed rules in the SOx legislation. You can actually do what you like as long as you control the doing of it appropriately.
    I would be concerned if you could not ask your internal auditors what they mean, they are supposed to be on your side.
    I can only think that the 4-eyes principle is a reference to wearing glasses, check whether your salesmen or your marketing men are the 4-eyes in your organisation.



  • The idea of the ‘four eyes’ principle, from what I am deciphering from the original message, is the concept that the input of critical master data (in this case price master data) should be double checked for accuracy by a second pair of eyes (in theory, only two eyes are required, so long as they do not both belong to the same person). Conceptually, the mistakes of the first person are caught by the second.



  • You are right. What they claimed was ‘the person who enters the price cannot release the price’. The tricky portion is then the ‘dirty job’: the process of entering the price will be thrown to another department, under whose portfolio this job has never been.



  • Sometimes we need six eyes.
    Segregation of duties: No single person can control a critical process without the help of others.
    It is a very good principle to separate the approval, recording and custody function of every critical process.
    Simple example: No single person must deliver, approve, and take payment.

