Segregation of Duties
Segregation of Duties (SoD) is a fundamental concept in internal controls and accounting to reduce the risk of fraud and error. The principle behind SoD is simple: no single employee should have the authority to execute all the key aspects of any critical financial transaction on their own.
By segregating duties, organizations ensure that errors or frauds committed by one individual can be caught and corrected (or prevented) by another. It’s a way of ensuring that for any given task, especially one that can impact financial statements or assets, more than one pair of eyes are involved.
There are four main types of functions that should be segregated:
- Authorization or Approval: Approving transactions and decisions.
- Custody : Having physical custody or control over assets (e.g., handling cash, inventory, or equipment).
- Record Keeping: Maintaining the organization’s official records or ledgers (e.g., updating and maintaining financial records).
- Reconciliation : Comparing actual assets with recorded assets to identify and correct discrepancies.
Example of SoD in Action:
Consider the accounts payable function in an organization:
- Without proper SoD: An employee could create a fake vendor, approve payments to that vendor, record the transactions, and reconcile the bank statement without anyone else reviewing or approving any part of that process. This could lead to fraud as the employee could potentially make payments to a nonexistent vendor (essentially paying themselves).
- With proper SoD : One person could be responsible for setting up new vendors, another person for approving payments, a third person for recording the transaction in the financial records, and a fourth person for reconciling the bank statement. This way, if an attempt to commit fraud were made, it would likely be detected by one of the other individuals involved in the process.
Benefits of SoD:
- Reduction of Fraud: It’s harder for employees to commit fraud when they know that their actions can be and likely will be reviewed by another party.
- Detection of Errors: Mistakes can happen, but with multiple people involved, errors are more likely to be spotted and corrected.
- Enhanced Accountability: Employees understand that their responsibilities and actions are interdependent, leading to better accountability and diligence.
However, it’s worth noting that while SoD is a critical control mechanism, in some smaller organizations, it can be challenging to fully implement due to limited staff. In such cases, periodic independent reviews or other compensating controls might be used to mitigate risks.
Example of Segregation of Duties
Let’s use a more detailed and practical example to illustrate the importance of the Segregation of Duties (SoD) in a company setting:
Scenario: TechNova, a small tech startup.
Situation: TechNova recently received a significant amount of investor funding and, as a result, has increased its expenditures to grow the business. The company’s CEO, Amanda, wants to ensure that the company’s financial transactions are secure and free from errors or fraud.
Without proper SoD: Martin, the finance executive, is responsible for all the following tasks:
- Setting up new vendors in the payment system.
- Approving all invoices and initiating payments.
- Recording transactions in the accounting system.
- Reconciling the bank statements monthly.
Potential Risk: Martin could potentially set up a fake vendor, approve payments to that vendor, and cover up these transactions when reconciling the bank statements. Given that he handles every step of the process, there’s a clear risk of undetected fraud.
Implementing SoD at TechNova: Amanda, recognizing the risks in the current setup, decides to segregate duties among the finance team.
- Vendor Setup – Laura, from the procurement team, will be responsible for setting up new vendors after verifying their credentials. This ensures an external check on vendors‘ authenticity.
- Invoice Approval & Payments – Martin is still responsible for this. However, any payment above $5,000 requires a second approval from Amanda. This introduces a level of oversight on significant transactions.
- Recording Transactions – Jane, another finance team member, records all transactions in the accounting system. Her involvement ensures that what’s being paid matches the records.
- Reconciliation – Andy, from the internal audit team, performs monthly reconciliations of bank statements. If there are discrepancies, he can flag them for review.
Outcome: With these changes, the risk of fraudulent transactions is greatly reduced. Even if Martin tried to replicate the fraud scenario described earlier, the system now has checks and balances. Laura would question a fake vendor, Jane might spot inconsistencies in recorded transactions, and Andy would notice discrepancies during reconciliation.
This example highlights how SoD, when properly implemented, can create a series of checks and balances that significantly reduce the risk of both fraud and honest mistakes. Even in a small organization like TechNova, simple steps can be taken to segregate key duties and protect the company’s assets.