First of all the post gives another argumentation for the need for controls (for me, the need for policies can be justified in a similar way). The authors reports on experience with controls and SoD. He observes two problems in companies:
- An employee having too much responsibilities can be tempted to diminish the quality of his work, either by frauding the realization of his tasks because of improper supervision or by simply not being ready to deliver the performance that is expected from him. Not being able to discover and control these discrepancies is certainly a big leak in a company's internal procedures. This point related to SoD controls.
- The second problem according to [1] is that there is a inherent risk in companies, and that is of continuously forgetting about the most important things to do and concentrating on the most urgent things to do. He makes a parallel between our own lives and companies. We tend to give a higher priority to urging tasks that have to be done and neglect what is really important, although we know that it is. Example: I know that it is important to control the quality of the development of an application that is being developed in India by providing and testing adequate test data. the problem is that at the same time, I have to deliver reports to the management about project planning and expenses for development projects for the region. I will eventually forget about the first task and accept the delivered product because of no time to test it. The same thing happens to companies when it is about designing internal controls.
so these are two points coming from the reality of the business. Although most companies starting to struggle with compliance management do so because of the legal pressure applied on them, taking such concerns int o account will eventually make its place, when companies understand the value they get out of internal controls because they allow them to actively manage risks and avoid unexpected failures of business processes.
Marwane El Kharbili.
[1] Explaining Segregation of Duties. SOX Life Blog Post. http://www.insidesarbanesoxley.com/soxlife/2007/05/explaining-segregation-of-duties.asp.
No comments:
Post a Comment