Testing segregation of duties



  • How is everyone testing this control? Is it just a system access issue? I see it as both that as well as a policy. Is reviewing job descriptions a good enough test for the control? For example, I have two controls:
    1 - Credit functions are independent of order entry.
    2 - System access to credit functions is limited to the Credit specialist.
    Are these two controls or just one?



  • Cheryl -
    The best way to test this is to log on as a Credit Specialist and an Order Entry person to see if the system allows any ‘backdoors’. For instance, if you log on as a Credit Specialist, can you still go to the menu or screens that an Order Entry person sees and vice versa?
    With my experience with ERP/Security and knowledge of SOX, I would agree that the Credit functions are independent from Order Entry and system access to credit functions should be limited to a Credit Specialist only.
    Treat this as 2 control activities and make one a key for testing purposes.
    My 2 cents…

