Compensating Controls to Mitigate Risk
Summary
Learn about compensating controls as an additional risk management tool.
Content
Introduction
Segregation of duties promotes the use of sound business practices and supports the achievement of a business process objective. When designing segregation of duties controls for a business or financial process, most business process owners start by identifying incompatible functions and then define the segregation of duties and systems access controls. However, segregation of duties cannot always be achieved because of staffing limitations.
In some cases, an employee will perform all activities within a process. In this scenario, segregation of duties does not exist and risk cannot be identified or mitigated in a timely manner. As a result, the implementation of additional compensating controls should be considered.