Describe the concept of separation of duties.

What will be an ideal response?

Among several internal control strategies, separation of duties is a cornerstone in the protection of information assets and in the prevention of financial loss. Separation of duties is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information. The control stipulates that the completion of a significant task that involves sensitive information should require at least two people. The idea behind this separation is that if only one person has the authorization to access a particular set of information, there may be nothing the organization can do to prevent this individual from copying the information and removing it from the premises. Separation of duties is especially important, and thus commonly implemented, when the information in question is financial.