
Segregation of duties in IT systems

We develop tools to manage the risks associated with user errors and/or abuse of information systems.

Background

  • The need to identify excessive and/or conflicting access rights to prevent the risk of misstatement in financial statements and minimize the risk of fraudulent transactions.
  • The need to identify unauthorized transactions and unauthorized access to critical and/or confidential information.

Kept methodology

When identifying potential risks of combining authorities, Kept follows the rule that no single employee should hold conflicting functions in respect of one operation. This applies to functions related to ensuring asset integrity, initiating and approving operations in the system, recognizing operations in accounting records, and performing internal control procedures in respect of those operations.

Value to the business

  • Reducing the risks of intentional and unintentional errors and abuse by users.
  • Identifying instances of conflicting and excessive user authorities, both in business processes and in information systems.
  • Reducing the effort required of IT, internal control, audit, and information security specialists when granting access to users and when analyzing and auditing existing access rights in information systems.

Kept has also developed its own solution, Kept Access Monitor, which is designed to analyze the segregation of authorities among users of corporate IT systems. More information is available in the brochure.