Security control is an essential part of any organisation, without which an employee may be performing a number of non-essential tasks, for example: a data entry operator could create Masters, view the Trial Balance, Final Accounts, Ratio Analysis or delete essential information etc.,
Security controls need to be defined based on the work profile of an employee. Typically, in an organisation the administrator has all the access rights to the system, whereas the employees are given access rights based on their work profile demonstrating segregation of duties.