Separation of Duties
·article·2026-06-12
Definition
The control requiring that no single person both initiates and approves a financial transaction — the modern form of 'two signatures on every check'.
Worked Example
Example matrix:
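| Action                 | Initiator    | Approver                |
|------------------------|--------------|-------------------------|
| Enter vendor invoice   | AP clerk     | finance lead            |
| Pay invoice > $10,000  | finance lead | admin                   |
| Change bank account    | admin        | superadmin (2nd factor) |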
Interpretation & Pitfalls
Most internal fraud requires one person controlling a whole chain; separation breaks the chain cheaply.
In TupicFinance
RBAC tiers and approval flows encode separation of duties into the permission model.
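The following is an added example, not TupicFinance's code, showing one way a permission model could enforce the example matrix above. The role identifiers, function names and sample users are assumptions, as are the reading of "(2nd factor)" as a requirement on the approver and the choice to deny any action the matrix does not cover.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset

@dataclass(frozen=True)
class Rule:
    action: str
    initiator_role: str
    approver_role: str
    above: float = float("-inf")   # row applies only when amount > above
    second_factor: bool = False    # approver must present a 2nd factor

# One Rule per row of the page's example matrix (identifiers are assumed).
MATRIX = [
    Rule("enter_vendor_invoice", "ap_clerk", "finance_lead"),
    Rule("pay_invoice", "finance_lead", "admin", above=10_000),
    Rule("change_bank_account", "admin", "superadmin", second_factor=True),
]

def check_approval(action, initiator, approver, amount=0.0, approver_2fa=False):
    """Return (allowed, reason) for one approval attempt."""
    rule = next((r for r in MATRIX
                 if r.action == action and amount > r.above), None)
    if rule is None:
        return False, "no matrix row covers this action"  # fail closed (assumption)
    if rule.initiator_role not in initiator.roles:
        return False, "initiator lacks required role"
    if rule.approver_role not in approver.roles:
        return False, "approver lacks required role"
    # Compare identities, not roles: a person holding both roles would
    # otherwise pass the two role checks alone.
    if approver.user_id == initiator.user_id:
        return False, "initiator cannot approve own request"
    if rule.second_factor and not approver_2fa:
        return False, "second factor required"
    return True, "approved"

# Constructed sample users.
alice = User("alice", frozenset({"finance_lead"}))
bob = User("bob", frozenset({"admin"}))
carol = User("carol", frozenset({"finance_lead", "admin"}))  # holds both roles
dana = User("dana", frozenset({"superadmin"}))

if __name__ == "__main__":
    print(check_approval("pay_invoice", alice, bob, amount=25_000))
    print(check_approval("pay_invoice", carol, carol, amount=25_000))
    print(check_approval("change_bank_account", bob, dana))
```

The identity comparison is the part that role checks alone miss: the sample user holding both roles satisfies each role test and is rejected only because initiator and approver are the same person.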