0a0d

6/10/2025

Balancing Risk and Friction in SoD

Separation of duties (SoD) breaks risky flows into steps handled by different people or services. In practice, SoD fails when:

  • Policies lag behind real workflows.
  • Exceptions become the norm.
  • Reviews are quarterly theater.

Fix: define risk-weighted controls, add just-in-time approvals, and automate evidence for auditors. Focus on the riskiest 10% of transactions instead of slowing everything.
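A sketch of the three fixes working together, added here as an illustration and not taken from the original post: transactions are scored, only the riskiest 10% are routed to a just-in-time approval that rejects self-approval, and each approval appends a hash-chained evidence record an auditor can verify. The weights, field names, the 100,000 amount ceiling and the sample data are all assumptions.

```python
import hashlib
import json
import math

# Hypothetical risk weights; tune to your own transaction model.
WEIGHTS = {"amount": 0.5, "new_payee": 0.3, "privileged": 0.2}

def risk_score(tx):
    """Weighted score in [0, 1]; amount is capped at an assumed 100k ceiling."""
    amount = min(tx["amount"] / 100_000, 1.0)
    return round(WEIGHTS["amount"] * amount
                 + WEIGHTS["new_payee"] * tx["new_payee"]
                 + WEIGHTS["privileged"] * tx["privileged"], 4)

def needs_approval(txs, fraction=0.10):
    """Return ids of the riskiest `fraction` of transactions (at least one)."""
    ranked = sorted(txs, key=risk_score, reverse=True)
    k = max(1, math.ceil(len(txs) * fraction))
    return {tx["id"] for tx in ranked[:k]}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def approve(tx, approver, log):
    """Just-in-time approval: reject self-approval, append chained evidence."""
    if approver == tx["requester"]:
        raise PermissionError("SoD violation: requester cannot approve own transaction")
    prev = log[-1]["hash"] if log else "0" * 64
    record = {"tx": tx["id"], "requester": tx["requester"],
              "approver": approver, "score": risk_score(tx), "prev": prev}
    record["hash"] = _digest(record)
    log.append(record)
    return record

def verify_log(log):
    """Auditor check: recompute every hash and confirm the chain is unbroken."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return False
        prev = rec["hash"]
    return True

# Constructed sample data: nine routine transactions and one high-risk one.
SAMPLE = [{"id": i, "requester": "alice", "amount": 500 * i,
           "new_payee": 0, "privileged": 0} for i in range(1, 10)]
SAMPLE.append({"id": 10, "requester": "bob", "amount": 90_000,
               "new_payee": 1, "privileged": 1})
```

Everything outside the set returned by `needs_approval` proceeds without a human step, which is where the friction is saved.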