X-raying Segregation of Duties: Support to illuminate an enterprise's immunity to solo-fraud

This paper presents an application of an automated scientific method to measure the quality of the design of Segregation of Duties, also known as Separation of Duties (SoD). The automated method enables an auditor to map out a body of authorizations and X-ray it on SoD. The body of authorizations is shaped by the so-called enterprise value cycle, or supercycle. The method supports an integral, top–down, diagram-based approach, including all automated and non-automated parts of an enterprise.Input is an enterprise supercycle diagram with authorizations and abilities. Output is an overview of all potential single-employee fraud constructs, also called potential solo-frauds, that are able to undetectably subtract value from the enterprise. As remediation the automated method indicates which authorization restrictions are minimally required to create a SoD in which solo-fraud is impossible.This paper is the first publication of this method in the international scientific Accounting and Auditing community.