~3-page information security policy template on division (or segregation) of responsibilities and duties between individuals.
Responsibilities and rôles relating to vital procedural control points within critical business processes should be divided or segregated amongst multiple individuals in order to reduce the possibility of fraud or data entry errors. For example, it should be difficult if not impossible for one person to both submit and authorize a funds transfer or payment transaction.
Various information security activities can be bolstered by requiring and ensuring the involvement of more than one person: audits are a classic example, where the auditor's independence brings a fresh set of eyes and reduces the fear of retribution when significant concerns are raised.
Division of responsibilities can be challenging for small organisations, but provided there are at least two people on the payroll, or external specialists available, some division is possible.
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Division of responsibilities policy
Information security policy template on division of responsibilities