Separation of duties

Separation of duties (SoD) (also known as "Segregation of duties") is the concept of having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error. The concept is alternatively called segregation of duties or, in the political realm, separation of powers. In democracies, the separation of legislation from administration shall serve for unbiased government. The concept is addressed in technical systems and in information technology equivalently and generally addressed as redundancy.

Separation of duties is a key concept of internal controls. Increased protection from fraud and errors must be balanced with the increased cost/effort required.

In essence, SoD implements an appropriate level of checks and balances upon the activities of individuals. R. A. Botha and J. H. P. Eloff in the IBM Systems Journal describe SoD as follows.

Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users. This principle is demonstrated in the traditional example of separation of duty found in the requirement of two signatures on a cheque.

Actual job titles and organizational structure may vary greatly from one organization to another, depending on the size and nature of the business. Accordingly, rank or hierarchy are less important than the skillset and capabilities of the individuals involved. With the concept of SoD, business critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no one person should handle more than one type of function.

Principally several approaches are optionally viable as partially or entirely different paradigms:

...
Wikipedia