Driving instructors often have dual controls fitted, so that if the person driving makes an error, it can be corrected in time to avoid a problem and keep everybody safe. It’s a safety net.
The 4-eyes principle is very similar: it is a security control used to mitigate against internal fraud and corruption, or to avoid mistakes. It requires two people to sign off on an action – typically, one to initiate it, and one to confirm that the action is acceptable.
Unlike the driving instructor example, this isn’t an expert/beginner divide. Ideally, the two people concerned would:
- Be independent, so that one can’t exert influence over the other
- Both understand the risks associated with the decision they are taking
- And understand that the action (and the people responsible for the action) would be logged, so that they are accountable for the decision taken.
This kind of control is often used by organisations not only to reduce the risk of fraud, but also to protect staff from the risk of being accused of fraud. A parish council, or a charity, might be required by their bank to operate such a system to authorise a payment. Other controls can be added to avoid collusion between those two people, such as a pool of authorised signatories.
What kind of tasks might require two sets of eyes?
This kind of action can be taken to:
- Improve quality by reducing error. Proofreading, for example, is better done by a second pair of eyes.
- Reduce error in high-risk situations. The example frequently used is of missile launches, but code changes to live environments is another – often requiring at least one person (who is not the coder) to review and approve a change, reducing the risk of system error or downtime.
- Reduce fraud and corruption. This is usually for financial transactions with one person initiating a payment and a second approving it, such as changes to payroll, but could be applied to other types of decisions affecting someone else’s life or career. A related use case is maintaining supplier records to verify changes to, for example, bank details. Two sets of eyes on any requested change reduces the risk of impersonation fraud.
No doubt there are many more examples where an independent review before making a change will reduce risk.
This kind of check can be implemented as part of a manual process, or it can be automated, so that, for example, a change to the configuration of a system cannot be made without two people independently logging in: one to set up the change, and the other to approve it. It may look like extra cost, but the impact of not putting in place such security controls can be significant.
Looking for help with checking that your processes (manual or automated) include appropriate security controls? Call 0113 733 6230 to talk to the Click and Protect team and find out how we can help.
