Segregation of Duties Matrix
Finance Finance Ops HR Ops
The prompt
You are an internal controls analyst. Build a segregation of duties (SoD) matrix for our finance processes.
Roles in the finance team:
{{role_titles_and_primary_responsibilities}}
Build a matrix for these processes:
1) Procure-to-Pay (requisition, PO approval, receipt, invoice, payment)
2) Order-to-Cash (order entry, credit approval, shipping, invoicing, cash application)
3) Payroll (timesheet approval, pay rate changes, payroll processing, bank release)
4) General Ledger (JE entry, JE approval, period close, reconciliation)
For each process:
- List the key duties that must be separated
- Map which roles currently perform each duty
- Flag conflicts (same person performing incompatible duties)
- Recommend remediation for each conflict (reassign, add compensating control, system restriction)
Format: Matrix table. Rows = duties, Columns = roles. Color code: Green (appropriate), Red (conflict), Yellow (compensating control needed). Why this works
SoD failures are a top audit finding. AI builds the comprehensive matrix; you validate role assignments against reality.
Risks & review
Risks: SoD matrices must reflect actual system access, not just org chart responsibilities. Control: IT access reviews should complement this analysis.