[1] Actual job titles and organizational structure may vary greatly from one organization to another, depending on the size and nature of the business.
With the concept of SoD, business-critical duties can be categorized into four types of functions: authorization, custody, record keeping, and reconciliation.
Principally several approaches are optionally viable as partially or entirely different paradigms: A person with multiple functional roles has the opportunity to abuse those powers.
This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined.
Smaller companies with a lack of SoD typically face concerns in disbursement cycles where unauthorized purchases and payments can occur.
If a single person can both carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have been assigned SoD-incompatible duties.
Separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code or data without detection.
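The four function types above can be checked mechanically during an access review. The following is an added example, not part of the original text: it flags every user whose duties span more than one function type and marks a combination as compensated only when a control is recorded for it. The duty names, users, control text and the `find_sod_conflicts` helper are all hypothetical.

```python
from itertools import combinations

# Constructed sample data: duty names, users and the control text are hypothetical.
# Each duty is classified into one of the four function types named above.
DUTY_FUNCTION = {
    "approve_purchase_order": "authorization",
    "approve_vendor": "authorization",
    "release_payment": "custody",
    "post_ledger_entry": "record_keeping",
    "reconcile_bank_statement": "reconciliation",
}
ASSIGNMENTS = {
    "alice": ["approve_purchase_order", "approve_vendor"],
    "bob": ["release_payment", "post_ledger_entry"],
    "carol": ["approve_purchase_order", "release_payment", "reconcile_bank_statement"],
    "dave": ["reconcile_bank_statement"],
}
# Combinations that are accepted because a compensating control is documented.
COMPENSATING = {
    ("bob", frozenset({"custody", "record_keeping"})): "monthly independent ledger review",
}


def find_sod_conflicts(assignments, duty_function, compensating):
    """Return one finding per user and per pair of function types that user holds."""
    findings = []
    for user in sorted(assignments):
        held = {}  # function type -> duties of that type held by this user
        for duty in assignments[user]:
            if duty not in duty_function:
                raise ValueError(f"unclassified duty {duty!r} for {user}")
            held.setdefault(duty_function[duty], []).append(duty)
        for a, b in combinations(sorted(held), 2):
            control = compensating.get((user, frozenset({a, b})))
            findings.append({
                "user": user,
                "functions": (a, b),
                "duties": sorted(held[a] + held[b]),
                "status": "compensated" if control else "violation",
                "control": control,
            })
    return findings


if __name__ == "__main__":
    for f in find_sod_conflicts(ASSIGNMENTS, DUTY_FUNCTION, COMPENSATING):
        print(f["user"], f["functions"], f["status"], f["control"] or "")
```

An unclassified duty raises an error rather than being skipped, so a newly created permission cannot bypass the review by being absent from the mapping.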