strategy
Accounting

Reducing Risk Through Segregation of Duties

By Samantha Schmitt, CPA, Withum


In order to optimize performance and reduce risks, companies should ensure that there are adequate internal controls – processes that are designed to provide reasonable assurance about the achievement of the company’s objectives with regard to the reliability of financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations. Segregation of duties is a key internal control that involves assigning responsibilities to more than one individual so that no single individual can initiate, authorize, record and review a transaction without the involvement of another individual. Proper segregation of duties is key to ensuring critical safeguards over internal controls and minimizes the risk of errors, conflicts of interest, theft and fraudulent activity. Although some say that segregation of duties can cause bottlenecks and lead to inefficiencies, it is a best practice and prevents bigger issues from arising.

Implementation

There are two steps to implementing segregation of duties. 

  • Establish and create policies and procedures for each department. Creating a standard operating procedure (SOP) on the processes and controls will allow all individuals to understand the necessary responsibilities by department and by individual. When creating the SOP, management should build a segregation of duties matrix, listing out all the responsibilities by department and by individual to properly ensure there are no conflicts where individuals have access to several different areas. 
  • Monitor and manage how it is functioning. Management should periodically monitor how the departments are operating with these procedures and oversee whether the segregation of duties is being implemented and maintained. 

Common Examples

Some common examples of proper segregation of duties include the following:

  • Cash receipts and revenue process: No single individual should have the ability to collect, deposit, record and reconcile cash receipts. The individual collecting and recording the cash receipts should not be the same individual who is making the deposit to the bank. Another individual (who is independent of the individuals who are collecting and recording and depositing the cash receipt) should reconcile the deposit to the general ledger through bank reconciliations, and another separate individual should review the reconciliation.
  • Purchasing process: The individual initiating a purchase order for goods should not be the same individual approving the purchase. The individual approving the purchase of the goods should not be the same individual who initiates payment for those goods. Additionally, the individual initiating the payment for the goods should not be the same individual with custody of the checks. 
  • IT systems: Individuals should have the appropriate access to systems and the level of access given (e.g., review only, super admin) should be commensurate with their respective job responsibilities.

Companies should regularly evaluate which controls are the most critical for them and the key areas in which there should be proper segregation of duties including the authorization of transactions, custody of assets, and reconciling/reviewing of transactions.

About the Author: Samantha Schmitt, CPA, is an audit manager at Withum. She is a member of the NJCPA and can be reached at s[email protected].

To access more business news, visit NJB News Now.

Related Articles: