IBM Identity Governance and Intelligence (IGI) manages access risk controls by using conflicting, or sensitive, business activities to define access risks.
The general principle of risks in Identity Governance is that an individual employee should not be authorized to perform tasks, which might damage the organization.
A common example is that the person that creates a purchase order should not be the same person that approves the order. This duty separation prevents frauds, and errors. Role-Based Access Control models and manages this condition using the Segregation of Duty (SoD) concept. Segregation of Duty imposes constraints so that a user with a certain role cannot take on another role whose nature conflicts with the one already assigned.
Segregation of duties, also known as separation of duties, prevents frauds and errors by requiring more than one person to complete a task.