K
You won’t find anything in SOX rules, as they are very general.
However, SOX requires each company to adopt a control framework, of which COSO is the most prominent.
COSO says that ‘segregation of duties generally entails dividing the responsibility for recording, authorizing, and approving transactions, and handling the related asset.’
Therefore, it appears that you have a segregation of duties issue. However, you must also consider what other controls are in place that might mitigate this issue. Smaller companies generally do not have the staff to segregate all functions like a larger company would. If that is the case, then where segregation of duties issues exist, mitigating controls should be identified.