Across an enterprise there are various functions and these functions are performed, together by a set of roles/responsibilities. SoD says that these set of Roles/responsibilities should be assigned in such a way that, across an enterprise, any individual should not have end to end access rights over any function. The Roles and Responsibilities for the function should be divided in such a way that one person does not full right over the function that the risk of malicious activity of manipulation of the function is reduced. The more critical the function is, greater and clearer Segregation of Duties should be.

Ideally, single individual must not have authority of creation, modification, reviewing and deletion for any transaction / tasks / resources. If any individual has access rights to creation and modification, he can create and after getting it reviewed, he can modify it to do some fraudulent exercises. Similarly if an individual has creation and deletion rights he can create, initiate payment and later delete any transaction logs that can track his activity.