A fundamental element of internal control is the maintenance of adequate segregation of duties (SoD), the allocation of work so that an individual cannot both perpetrate and conceal errors or fraud in the normal course of their duties. Notwithstanding its importance, there has been limited research describing the conceptual basis for determining how duties should be segregated. Significant differences exist between the SoD model proposed in the theoretical literature, the model described in the pedagogical and practitioner literature and auditing standards, and the practices commonly implemented by organizations. The purpose of this paper is to synthesize a prescriptive model for SoD that reflects the insights of all three domains to address the weaknesses of each, and can be applied effectively. The synthesized model calls for segregation of six sets of duties among a minimum of five employees: three duties for manual processes, including asset custody and recording, primary authorization, and secondary authorization; and three more duties for computer-supported processes: access control granting, primary authorization of access control granting, and secondary authorization of access control granting. The model differentiates between a primary SoD, which enables detection of errors and requires at least two employees for manual processes and three employees for IT-supported processes, and a secondary SoD, which helps organizations maintain a consistent, repeatable level of internal control and requires at least three employees in a manual setting and five employees in an IT-supported setting. This is significantly different from both the three-way segregation called for in the theoretical literature and the model described in the pedagogical and practitioner literature and auditing standards. Insight provided by the new model also provides an opportunity for organizations to enhance the quality and/or reduce the cost of internal control in practice. Several future research opportunities are identified.

• 出版日期2014-12