Tips to help you mitigate unavoidable risk conditions and keep your organization safe
Segregation of Duties (SoD) rules are an effective and efficient way to reduce the risk of fraud or other inappropriate activity in your ERP system. But there may be cases where it is impossible to segregate tasks, leaving you unable to meet the control objective.
That’s where Compensating Controls come in. These are processes you should put in place to monitor activity in situations where, for example, a user needs to carry out combinations of tasks that are known to be risky.
When designing Compensating Controls, it’s important to focus on what you’re trying to achieve: an alternative means of providing the assurance intended by the original control requirement. A compensating control should, at minimum, meet the original control objective, if not exceed it, since it is likely to be detective in nature.
Watch the video below for best-practice tips to help you design successful Compensating Controls that satisfy your business needs while meeting the objective of reducing the risk of fraudulent activity on your system. It gives you more insight into:
- What are Compensating Controls?
- When and why you may need them
- The objectives of the controls
- How to design, document, implement and review them
- 3 common examples.
I hope you find it helpful!
Specialized tools can help you to implement effective controls very efficiently. For example, our SoD and auditing solutions flag SoD conflicts and provide the ability to note mitigations and report on the associated compensating controls.
If you’d like to discuss your controls challenges, please contact us.