EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A conceptual model for segregation of duties: Integrating theory and practice for manual and IT-supported processes

Kevin W. Kobelsky

International Journal of Accounting Information Systems, 2014, vol. 15, issue 4, 304-322

Abstract: A fundamental element of internal control is the maintenance of adequate segregation of duties (SoD), the allocation of work so that an individual cannot both perpetrate and conceal errors or fraud in the normal course of their duties. Notwithstanding its importance, there has been limited research describing the conceptual basis for determining how duties should be segregated. Significant differences exist between the SoD model proposed in the theoretical literature, the model described in the pedagogical and practitioner literature and auditing standards, and the practices commonly implemented by organizations. The purpose of this paper is to synthesize a prescriptive model for SoD that reflects the insights of all three domains to address the weaknesses of each, and can be applied effectively. The synthesized model calls for segregation of six sets of duties among a minimum of five employees: three duties for manual processes, including asset custody and recording, primary authorization, and secondary authorization; and three more duties for computer-supported processes: access control granting, primary authorization of access control granting, and secondary authorization of access control granting. The model differentiates between a primary SoD, which enables detection of errors and requires at least two employees for manual processes and three employees for IT-supported processes, and a secondary SoD, which helps organizations maintain a consistent, repeatable level of internal control and requires at least three employees in a manual setting and five employees in an IT-supported setting. This is significantly different from both the three-way segregation called for in the theoretical literature and the model described in the pedagogical and practitioner literature and auditing standards. Insight provided by the new model also provides an opportunity for organizations to enhance the quality and/or reduce the cost of internal control in practice. Several future research opportunities are identified.

Keywords: Segregation of duties; Internal control; Information security (search for similar items in EconPapers)
Date: 2014
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (2)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1467089514000293
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijoais:v:15:y:2014:i:4:p:304-322

DOI: 10.1016/j.accinf.2014.05.003

Access Statistics for this article

International Journal of Accounting Information Systems is currently edited by S.V. Grabski

More articles in International Journal of Accounting Information Systems from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eee:ijoais:v:15:y:2014:i:4:p:304-322