In addition to having a well-organized and defined data governance structure, Clayton State University must ensure that its organizational structure, job duties, and business processes include an adequate system of separation of duties (SOD), taking into account a cost-benefit and risk analysis. SOD is fundamental to reducing the risk of loss of confidentiality, integrity, and availability of information. To accomplish SOD, duties are divided among different individuals to reduce the risk of error or inappropriate action. For example, the employee or office responsible for safeguarding an asset should be someone other than the employee or office that maintains accounting records for that asset. In general, responsibility for related transactions should be divided among employees so that one employee’s work serves as a check on the work of other employees. When duties are separated, employees would have to collude for assets or data to be used inappropriately without detection.

While electronic processes enhance accuracy and efficiency, they can also blur SOD. Clayton State University divisions, departments, and schools must evaluate and establish well-documented controls to deter an individual or an office from having the authority (or the ability) to perform conflicting functions both outside and within information technology systems.