A fundamental element of internal control is the segregation of certain key duties. The purpose of segregating responsibilities is to prevent occupational fraud in the form of asset misappropriation and intentional financial misstatement.
The basic idea underlying segregation of duties is that no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated are:
- Custody of assets.
- Authorisation or approval of related transactions affecting those assets.
- Recording or reporting of related transactions.
The general premise of segregation of duties is to prevent one person from having both access to assets and responsibility for maintaining the accountability of those assets.
If internal control is to be effective, there needs to be an adequate division of responsibilities among those who perform accounting procedures or control activities and those who handle assets. In general, the flow of transaction processing and related activities should be designed so that the work of one individual is either independent of, or serves to check on, the work of another. Such arrangements reduce the risk of undetected error and limit opportunities to misappropriate assets or conceal intentional misstatements in the financial statements. Segregation of duties serves as a deterrent to fraud and concealment of error because of the need to recruit another individual's cooperation, via collusion, to conceal it.
IDENTIFYING SEGREGATION OF DUTIES FRAUD RISKS
As an example, risks for a manufacturing organisation may include (risks will vary by industry and company):
Fraudulent Financial Reporting
- Timing differences/fictitious revenues: Risk of asset and/or revenue overstatements in the form of timing differences and/or fictitious revenues.
- Channel stuffing: Risk of artificially inflated sales and accounts receivable due to deliberately sending distributors more product than they are able to sell.
- Asset overstatement or liability understatement: Incorrect accounting treatment, specifically improper or unsupported journal entries, resulting from management override of internal controls and accounting procedures.
Misappropriation of Assets
- Cash misappropriation: Risk of loss due to cash theft related to cash received through the mail (as opposed to funds transfers).
- Cash skimming: Risk of loss due to cash skimming related to accounts receivable write-off schemes or lapping schemes for cash received through the mail
- Billing schemes: Risk of loss due to submitting fraudulent invoices through shell companies, marking up invoices, or redirecting invoice payments through non-accomplice vendor schemes, or making personal purchases
- Cheque tampering schemes: Risk of loss due to fraudulent cash disbursements from cheque tampering schemes, including forged maker, forged endorsements, altered payee, authorised maker, and concealed cheques
- Fraudulent payroll schemes: Risk of loss due to fraudulent cash disbursements from payroll schemes, including ghost employee and falsified wages
- Share-based compensation: Risk of loss due to inappropriate grants or execution of company share-based awards, including backdating and unauthorised issues
- Other financial statement risks: Other financial statement risks, including concealed liabilities and expenses, improper disclosures, improper asset valuations, and improper intangible asset valuation (non-patent and goodwill)
- Expense reimbursement schemes: Risk of loss due to fraudulent cash disbursements from expense reimbursement schemes not detected since individual and aggregate occurrences would likely not be material
- Theft of inventory and other non-cash assets: Risk of loss due to theft of inventory and all other assets
- Workers’ compensation schemes and employee medical insurance schemes: Risk of loss due to false claims
- Information theft: Inappropriate use of company information, including intellectual property, personnel data, and company financial information.
Segregation of duties controls do not meaningfully mitigate corruption risks related to conflicts of interest, bribery, illegal gratuities, or economic extortion. Corruption risks are often addressed by a company’s entity-level controls, including codes of conduct/ethics, whistleblower hotlines, and those charged with corporate governance such as the board of directors.
EXAMPLES OF SEGREGATION OF DUTIES:
- The person who requisitions the purchase of goods or services should not be the person who approves the purchase
- The person who approves the purchase of goods or services should not be the person who reconciles the monthly financial reports
- The person who approves the purchase of goods or services should not be able to obtain custody of cheques
- The person who maintains and reconciles the accounting records should not be able to obtain custody of cheques
- The person who opens the mail and prepares a listing of cheques received should not be the person who makes the deposit
The person who opens the mail and prepares a listing of cheques received should not be the person who maintains the accounts receivable records.