System and Method for Separation of Duties

IP.com Disclosure Number: IPCOM000033495D
Original Publication Date: 2004-Dec-13
Included in the Prior Art Database: 2004-Dec-13

Publishing Venue

IBM

Abstract

Disclosed is a Lotus Notes Separation of Duties database, a system and method for organizational and departmental separation of duties. Separation of Duties is a business process that ensures tasks (duties), system accesses, and physical accesses are assigned so that no one person can control multiple stages of a process or sub-process in which errors, waste, or fraud could occur without detection. The key to preventing and/or detecting error, waste, and fraud is identifying and preventing conflicts between tasks or between accesses to applications or systems. The Lotus Notes Separation of Duties Data Base relates generally to separation of duties, and specifically to a system and method for coordinating, approving, and establishing business risk information. More particularly, the present database relates to a system and method for consolidating department tasks, both system and manual, via automated technology, allowing on-line approvals, validations, and associated documentation, securing business risks, and providing computerized tracking. It provides a separation of duties matrix through which department employees and approvers are notified that the department separation of duties matrix and all associated business risks require their attention and authorization. It provides all associated documentation, produced in full corporate compliance. It provides edits and controls to secure separation of duties compliance. It provides a total closed-loop separation of duties business process that accommodates the requestor, the manager, and multiple approving organizations, notifies organizations of separation of duties approval, and generates all necessary documentation.
Process activities:
- Process tasks (create or verify order data, print invoices, receive customer payment, and others)
- Process control points (such as manager approvals)

Application functions and accesses:
- Operational access for the end users (consistent with operational process tasks: insert/update/delete, view, or print; also system control points, such as on-line manager approval)
- System administrator access (create/delete userids, update master data tables, and others)
- Application maintenance (controls for programmer access to development, test, and production systems)

Physical accesses:
- Such as physical inventory in a warehouse, safes, preprinted forms which need to be controlled, and others

The SOD process will ensure that someone with physical access to marketable (could be sold on the street) parts does not prepare and authorize a scrap ticket and also act as the sole witness to the destruction (physical scrapping) of the parts. If they had this ability, they could take good marketable parts and pretend to scrap them, stealing the good parts to make a profit for themselves.

The "aggregate separation of duties" (combination) of (1) tasks and (2) application accesses assigned to any one individual must be evaluated to ensure that conflicts do not exist:
- Within the tasks for the operational process and sub-processes, including physical accesses
- Within the application being sponsored for ASCA certification
- Between the application under review and all other applications under which the same individual has some authority
- Between all the system accesses and any manual tasks or physical accesses

Each individual's job responsibilities should be analyzed for conflicts.
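As an added example (not part of the disclosure or of the Lotus Notes database it describes), the aggregate evaluation above can be expressed as a check of each individual's combined tasks, application accesses and physical accesses against a conflict matrix. The entitlements, rules and people below are constructed, and the scope labels are assumed names for the four review scopes the disclosure lists; note that the scrap-ticket combination and the purchasing/payables pair are only caught because accesses are evaluated in aggregate, not per application.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entitlement:
    name: str    # a task, an application function, or a physical access
    kind: str    # "task", "app" or "physical"
    system: str  # application/system name, or "manual" for tasks and physical accesses

# Constructed sample entitlements drawn from the activities the disclosure lists.
PHYS_PARTS = Entitlement("physical access to marketable parts", "physical", "manual")
PREPARE_SCRAP = Entitlement("prepare scrap ticket", "app", "inventory")
AUTHORIZE_SCRAP = Entitlement("authorize scrap ticket", "app", "inventory")
WITNESS_SCRAP = Entitlement("witness physical scrapping", "task", "manual")
CREATE_VENDOR = Entitlement("create vendor master record", "app", "purchasing")
APPROVE_PAYMENT = Entitlement("approve vendor payment", "app", "payables")
PRINT_INVOICES = Entitlement("print invoices", "task", "manual")
RECEIVE_PAYMENT = Entitlement("receive customer payment", "task", "manual")

# Conflict matrix (constructed): each rule is a combination no single person may hold.
CONFLICT_MATRIX = [
    frozenset({PREPARE_SCRAP, AUTHORIZE_SCRAP}),              # maker/checker inside one app
    frozenset({PHYS_PARTS, AUTHORIZE_SCRAP, WITNESS_SCRAP}),  # the scrap-ticket scenario
    frozenset({CREATE_VENDOR, APPROVE_PAYMENT}),              # spans two applications
    frozenset({PRINT_INVOICES, RECEIVE_PAYMENT}),             # two manual process tasks
]

def scope(rule):
    """Classify a rule by which of the four review scopes it falls under."""
    kinds = {e.kind for e in rule}
    systems = {e.system for e in rule}
    if kinds == {"app"}:
        return "within-application" if len(systems) == 1 else "cross-application"
    if "app" in kinds:
        return "system-vs-manual"
    return "within-process"

def evaluate(held):
    """Return (scope, conflicting names) for every rule fully covered by an
    individual's aggregate assignments; holding only part of a rule is not a hit."""
    held = set(held)
    return [(scope(rule), sorted(e.name for e in rule))
            for rule in CONFLICT_MATRIX if rule <= held]

def review_department(assignments):
    """Evaluate every individual in a {person: entitlements} mapping."""
    return {person: evaluate(ents) for person, ents in assignments.items()}

if __name__ == "__main__":
    dept = {"warehouse clerk": {PHYS_PARTS, WITNESS_SCRAP},
            "scrap coordinator": {PHYS_PARTS, PREPARE_SCRAP, AUTHORIZE_SCRAP, WITNESS_SCRAP},
            "buyer": {CREATE_VENDOR, APPROVE_PAYMENT}}
    for person, conflicts in review_department(dept).items():
        print(person, "->", conflicts or "no conflicts")
```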