The 21st Minute


Segregation of Duties

CaseWare Monitor Applications

The main elements required for fraud are motivation and opportunity. Accordingly, the best opportunity a company can offer a fraudster is weak or nonexistent Segregation of Duties (SoD). SoD is a critical internal control aimed at limiting opportunities for abuse by a single person, such as requiring two signatures on a check or separating the creation and approval of sensitive transactions.

Application Controls

  • Evaluate transactional data against control settings
  • Identify where custom transactions or programs may be inadvertently bypassing standard system controls
  • Compare application control settings to control tables to identify potential changes
  • Identify  excessive use of system override

Change Controls

  • Identify program changes not appearing on change control logs
  • Compare key program or file size, timestamps, and other characteristics to a control table to identify instances where a change has occurred
  • Evaluate emergency change frequency by user, application, department, etc.

Application & System Security

  • Extract security rules and independently verify SOD
  • On potential SOD issues are identified, determine whether rights were exploited
  • Examine the user IDs associated with specific transactions to determine  whether  SOD violations have occurred (e.g. initiator = approver)
  • Identify where users with the same role have different access rights
  • Highlight users with powerful profiles / responsibilities
  • Identify user profile / responsibility changes made immediate prior to or shortly after an audit
  • Identify concurrent logins of the same ID
  • Look for patterns of failed access attempts to key users (CEO, CFO, Payroll, etc.)

Data Quality

  • Analyze master data for missing information
  • Identify inconsistencies in data input
  • Detect duplicate records
  • Assess data for suspicious or erroneous  entries (e.g., description fields with less than 2 characters input)
  • Stratify quality metrics by employee to identify training opportunities
  • Identify outdated or unused information

Areas of Applications , CaseWare Monitor

Posted By


Related Posts
Give Python a Go
Mar 29 Python is considered the official programming language for non-programmers. It gives you increased flexibility and expansive access to your data. For those usin...
No Image
Sep 19 The general ledger is the core of the financial reporting system. Since the GL holds nearly all the financial information used to create the financial statement...
No Image
Nov 07 The SmartAnalyzer Financial App and other Audimated Apps are very powerful additions to IDEA. However, some users may find that they need a little assistance us...

This website has been designed for modern browsers. Please update. Update my browser now