Skip to main content
Glossary

Segregation of Duties (SoD)

The principle that no single individual should control all phases of a critical process. By dividing responsibilities, organizations reduce the risk of error, fraud, and unauthorized actions.

Why it matters

When one person can both approve and execute a transaction, or both develop and deploy code to production, you have a single point of failure and a single point of abuse. Segregation of duties is a foundational internal control that auditors check in every engagement. It applies to financial processes, IT operations, access management, and change control. Without it, your control environment has a structural weakness that no amount of monitoring can fully compensate for.

In practice

Implementing SoD means mapping critical processes, identifying conflicting roles, and ensuring no individual holds both sides of a sensitive operation. Common examples: separate individuals for approving and processing payments, different teams for developing and deploying code, distinct roles for granting and reviewing access rights. In vucavoid, controls can be assigned to different owners, and effectiveness reports require sign-off from someone other than the control operator, embedding SoD into your compliance workflow.

Related terms

Control Effectiveness

A measure of how well a security control actually performs its intended function over time.

Internal Audit

An independent assessment of your own operations, controls, and compliance posture.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.