Segregation of duties is the cornerstone of a company’s internal control structure.  Maintaining proper segregation of duties in core business process areas minimizes the opportunity for an employee to commit fraud against his or her employer.  Duty segregation protects both the employer and the employee.

In any business accounting cycle (such as cash management, inventory, accounts receivable, accounts payable, payroll) there are four areas that must be segregated: asset custody, authorization and approval, recordkeeping, and reconciliation. 

• Asset custody refers to the handling and disposal of company assets. 
• Authorization and approval applies to the processing of transactions.
• Recordkeeping is the creation and maintenance of company records. 
• Reconciliation refers to review and verification of the recording of transactions.

Questions to Ask

• Who performs the different duties of one area within a single business process cycle?
• Who performs the duties when an employee is absent?
• Do any of the employees perform a task in more that one area - such as authorizing a vendor payment and recording the vendor payment as well?
• How can the business mitigate (reduce) the risk when there is an overlap of one employee working in more than one area?

Commons Ways to Mitigate the Risk

• Assign two employees to jointly perform a task.  Training two employees ensures there is a back-up employee who can perform in the absence of the primary processor.  Routinely having the second employee perform or verify the task performed reduces the risk of undetected errors.  Requiring a routine review by a second person limits an employee’s chance to misappropriate company assets.  The second review discourages employees from committing fraud on their own.  Colluding with the second employee would be the only way to misappropriate assets.
• Assign tasks to employees in different departments.  Some companies are too small to sufficiently segregate tasks within the accounting or finance department.  However, some tasks can be adequately performed outside the accounting department.  Examples include:
  • Sending invoices for approval to the specific department that requested the purchase.  This approval step is completed outside of the accounting department and creates a better control in the accounts payable cycle.  
  • Having the Controller or CFO reconcile journals to the general ledger.  While the CFO and Controller are finance positions, these roles are typically hands-off in the processing of transactions.  
  • Using an administrative employee to deliver bank deposits to the bank.
  • Assigning the purchasing or procurement department to approve any vendors before the vendors are set up in the accounting system.

Continuous Review

Setting up independent duties is the first step but it is equally important to continually evaluate and review the separations to ensure they are performing as they were originally designed.  It is easy for shortcuts to work their way into a system that has been running smoothly.  The relaxing of controls happens when employees are comfortable performing their tasks.  It is imperative that supervisors perform regular reviews of the tasks being performed to verify the tasks are done by the employee assigned the duty according to the documented segregations.  Observing employees at work as well as inquiring of employees about their current tasks are great ways to make sure segregation is maintained.  Recurring independent reviews and reconciliations are also effective in mitigating risk as well as locating undetected errors, both recurring and non-recurring.