Professional Documents
Culture Documents
org/cisabooks)
The segregation of duties control matrix below (exhibit 2.9) is illustrative of potential segregation of duties issues. It should not be viewed or used as an absolute, rather it should be used to help identify potential conflicts so proper questions may be asked to identify compensating controls. In actual practice, functions and designations may vary in different enterprises. Actual job titles and organizational structures also may vary greatly from one organization to another, depending on the size and nature of the business.
Systems Analyst
Control Group
Control Group Systems Analyst Application Programmer Help Desk and Support Manager End User Data Entry Computer Operator Database Administrator Network Administrator System Administrator Security Administrator Systems Programmer Quality Assurance X X X
Data Entry X
End User
2007 ISACA