Ask the Experts Question Raises Some Interest: What do you know about Segregation of Duties and SOX?

Every so often, Technology Evaluation Centers (TEC) analysts, our in-house panel of experts, receive questions from readers on a variety of software-related subjects. Most concern software selection, evaluation, the latest technology offerings, or simply business issues, but on occasion we receive a request that piques our interest, especially when it is slightly outside of our realm. In the interest of keeping our readers informed, we selected one reader’s question and decided to highlight it here, along with our responses. The subject: segregation of duties (SOD).

A couple of weeks ago, we received a message in TEC’s Ask the Experts mailbox from an individual looking for information on how to prepare a segregation of duties (SOD) matrix for SOX compliance. He wrote:

"Looking for template for preparing SOD Matrix for SOX Compliance"

After doing some research into the subject, our TEC analysts replied with the following:

"While TEC deals with a wide variety of vendors in the enterprise software arena, we do not deal specifically in the area of compliance. Unfortunately, we do not have a segregation of duties (SOD) matrix for SOX compliance; however, through our research we have been able to find a few links that might help you get started with your project."

We readily provided a few links that we felt would be of interest regarding SOD and the creation of a SOD matrix.

Segregation of Duties Control Matrix

Segregation of Duties Evaluator

We went on to say:

"TEC also has a library of white papers and articles. Here are a few that might be of interest to you that touch on the topic of segregation of duties (SOD)."

Controlling Access to Critical Enterprise Resources - e-DMZ Security

The Challenges of Defining and Managing Governance, Risk Management, and Compliance - P.J. Jakovljevic

How to Assess Unix Configurations with NetIQ - NetIQ

How a Leading Vendor Embraces Governance, Risk Management, and Compliance - P.J. Jakovljevic

But we didn't stop there...

While the individual was very pleased with our responses, we decided to investigate SOD a little further. A few of our TEC analysts got together for a roundtable discussion and decided to write an article on Sarbanes-Oxley (SOX) and the importance of SOD with respect to Section 404 of the 2002 Act. The article covers some of the major points of consideration for organizations looking to beef up their SOX compliance efforts. These points include:

  • Traditional Audit and Compliance Issues Prior to SOX

  • What is SOD?

  • 5 Areas Where IT Processes Conflict with SOD

  • SOD Checklist

If you’re interested in learning more about SOX and SOD, we highly recommend that you visit TEC’s website to read this article. It will be published some time in August. We are certain that it will be a great source of information for any compliance-related projects your company might be involved in.

But before you go…

We’d like to learn a little more about what companies like yours are doing with regard to compliance and, more importantly, internal controls. Please view our current polls regarding SOX and SOD.


