CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionControls
Segregation of Duties (SoD)
A principle preventing one person from controlling all steps of a critical process.
Segregation of Duties is a fundamental preventive control ensuring no individual can initiate, approve, and record a transaction alone. SoD violations are identified during audits and within ERP systems (SAP, Oracle, Workday). It is a pillar of SOX ITGC controls. In small organizations, strict SoD is often impossible; compensating controls (management reviews, enhanced monitoring) must then be implemented.
📌 Key points
- 3 functions to separate: initiation, approval, and recording of a transaction
- Frequent ERP violations: one user with conflicting roles
- Preventive control — more effective and less costly than detective controls
- In small organizations: compensating controls mandatory if SoD is impossible
- SoD matrices document role conflicts across the organization
Related certifications
These certifications cover the concept of "Segregation of Duties (SoD)" in depth.
CIA· IIA
Certified Internal Auditor (IIA, 3 Parts)
The IIA CIA certification covers this concept in Part 1 (framework, IPPF) and Part 2 (audit practice). 60+ lessons and 1,258 original questions.
🔗 Related concepts
ControlsComplianceControlsControlsAudit
IT General Controls (ITGC)
Foundational controls supporting the reliability of information systems.
SOX Compliance
Requirements of the Sarbanes-Oxley Act to prevent financial statement fraud.
Control Objective
A statement of what a control aims to ensure.
Control Deficiency
A flaw in the design or operation of an internal control.
Internal Audit
An independent, objective assurance and consulting activity to add value to operations.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.