pose of te separation of duties control and why is it different between manual systems and computerized system
First of all let us understand the separation of duties “Separation of duties is the concept of having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent Fraud. Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors.
Separation of duties in manual systems is different from Separation of duties in computerized systems. It is necessary to separate and control the function and duty in computer system because it is an information system. From an organizational point of view, it is essential to segregate the function of programming from the function of controlling input to the computer programs, and the function of the computer operator from the function of those having detailed knowledge or custody of the computer programs. The chances of fraud is increases in computer system because the person having control over data can do a fraud . As against in manual system such type of incidence are least to occur
In Manual world a database record is typically separated from its history as The key purposes to keep the relevant” history within each database record.
User control activities are controls performed by users of IT information to test its accuracy and completeness.
Manual application control activities are manual follow-up of computer exception reports. Controlling in computerized system can be done at following stages
(a) At the time of developing and customizing new programs and systems,
(b) When changing existing programs and systems,
(c) access to programs and data, and
(d) IT operations.
Strict control of software and data changes will require that the same person or organizations performs only one of the following roles:
· Identification of a requirement (or change request); e.g. a business person
· Authorization and approval; e.g. an IT governance board or manager
· Design and development; e.g. a developer
· Review , inspection and approval; e.g. another developer or architect.
· Implementation in production; typically a software change or system admin
