Tuesday, February 21, 2006
Reporting for Separation of Duties, Sir!
To help ensure that current and former employees can't wreak havoc with finance and IT systems, "companies need to prove to auditors that only the right people have the right access."
Divvying up the work appropriately, however, is especially challenging at smaller companies, according to Nelli, because members of the finance team often back each other up, and some staffers work in both the general ledger and accounts payable. "On the face of it," he says, "it may be a conflict in terms of segregation of duties; but in small organizations, that is just how life is."
To guarantee that current and former workers don't have access to parts of the company that they shouldn't, an employer must update access rights regularly, experts say. One example that's commonly overlooked: e-mail addresses often continue to function after employees have left the company, granting at least some degree of continued access.
posted by Brian Moran @ 8:58 AM