Make smart and accurate
software selection decisions
Podcasts, Webinars, and Videos
Interactive Case Studies
ERGO Decision Support System
Private Label Partnerships
TEC Case Studies
Software Evaluation Reports
Meet TEC's Experts
News and Press Releases
Working at TEC
Partner with TEC
Ask the Experts Question Raises Some Interest: What do you know about...
Ask the Experts Question Raises Some Interest: What do you know about Segregation of Duties and SOX?
July 18 2008
Every so often, Technology Evaluation Centers (TEC) analysts—our in-house panel of experts—receive questions from readers on a variety of software-related subjects. While mostly in the realm of software selection, evaluation, the latest technology offerings, or simply questions about business issues, on occasion we receive a request that piques our interest—especially when it is slightly outside of our realm. In an interest to keep our readers informed, we selected one reader’s question and decided to highlight it here—along with our responses. The subject?—
segregation of duties (SOD)
A couple of weeks ago, we received a message in TEC’s
Ask the Experts
mailbox from an individual looking for information on a how to prepare a segregation of duties (SOD) matrix for SOX compliance. He wrote:
"Looking for template for preparing SOD Matrix for SOX Compliance"
After doing some research into the subject, our TEC analysts replied with the following:
"While TEC deals with a wide variety of vendors in the enterprise software arena, we do not deal specifically in the area of compliance. Unfortunately we do not have a segregation of duties (SOD) matrix for SOX compliance however, through our research we have been able to find a few links that might help you get started with your project."
We readily provided a few links that we felt would be of interest regarding SOD and the creation of a SOD matrix.
Segregation of Duties Control Matrix
Segregation of Duties Evaluator
We further went onto say:
"TEC also has a library of white papers and articles. Here are a few that might be of interest to you that touch on the topic of segregation of duties (SOD)."
Controlling Access to Critical Enterprise Resources
- e-DMZ Security
The Challenges of Defining and Managing Governance, Risk Management, and Compliance
- P.J. Jakovljevic
How to Assess Unix Configurations with NetIQ
How a Leading Vendor Embraces Governance, Risk Management, and Compliance
- P.J. Jakovljevic
But we didn't stop there...
While the individual was very pleased with our responses, we decided to investigate SOD a little further. A few of our TEC analysts got together for a roundtable discussion and decided to write an article on Sarbanes-Oxley (SOX) and the importance of SOD with respect to Section 404 of the 2002 Act. The article covers some of the major points of consideration for organizations looking to beef up their SOX compliance efforts. These points include:
Traditional Audit and Compliance Issues Prior to SOX
What is SOD?
5 Areas Where IT Processes Conflict with SOD
If you’re interested in learning more about SOX and SOD, we highly recommend that you visit
to read this article.
It will be published some time in August.
We are certain that it will be a great source of information for any compliance-related projects your company might be involved in.
But before you go…
We’d like to learn a little more about what companies like yours are doing in regards to compliance, and more importantly internal controls. Please view our current polls regarding SOX and SOD.
comments powered by Disqus.
comments powered by
Interested in a better way to make software decisions?
Give us a call now: 1-800-496-1303 ext:404
Software Requirements Sets and Comparison Reports
Click here to leverage the experience of our 360 industry perspective