Segregation of Duties in Accounting for Small Businesses
This article is part of a larger series on Bookkeeping.
Segregation of duties (SoD) in accounting is an internal control mechanism that prevents fraud and error, and proper SoD ensures checks and balances within the business. When there is no SoD in place, opportunities to commit fraud might arise, especially if it incentivizes the perpetrators.
Due to limited administrative workforces, small businesses often face challenges in SoD as some admin employees have to handle two or three roles to cope. Good small business internal control dictates that some duties aren’t meant to be delegated to a single person. The existence of incompatible duties increases the risk of fraud, which is why the participation of the small business owner is a necessary compensating control to offset the existence of incompatible duties.
There are three general functions that must be segregated. Let’s discuss each below.
1. Authorization
Individuals who can authorize transactions cannot also be responsible for recording transactions nor should they have custody of the assets. If an authorizing person has access to the physical assets and records, it increases the risk of fraud and misappropriation of assets. Hence, employees who can authorize transactions mustn’t be involved in bookkeeping or safekeeping of physical assets.
For instance, the person who authorizes a check to be written shouldn’t be the same person who records the check in the bookkeeping software or reconciles the checking account. If it’s impossible to do this, it’s best to delegate approval functions to the small business owner.
2. Recording & Reconciliation
Individuals who record transactions, such as accounts receivable (A/R) staff, accounts payable (A/P) staff, and bookkeeper, mustn’t handle authorization and custody roles. Looking at the accounting process and bookkeeper’s responsibilities can help you spot incompatible duties affecting recording and reconciliation functions.
To illustrate, if the A/P staff can authorize payment for business expenses, they can create and approve fictitious expenses and steal money from the business. Moreover, individuals who reconcile accounts, such as bank accounts, mustn’t handle custody roles because since they have access to cash payments from customers, they can alter A/R records and steal customer payments.
Today, the most common business frauds arising from inadequate SoD in recording functions are the following:
Fraudulent Act | Definition | How To Eliminate Fraud Through Proper SoD and Other Controls |
---|---|---|
Check Kiting | This scheme uses check floats to access nonexistent cash as unauthorized credit. However, advances in technology and check clearing facilities make it easy to uncover this fraud. |
|
Lapping | It is a type of skimming where the perpetrator steals money from one customer and uses the payment of another customer to cover the fraud. Lapping can occur if there is no proper SoD in custody and recording functions. |
|
Payroll Fraud | This can exist if there is no proper SoD in payroll, such as letting the business bookkeeper or payroll accountant maintain, collect and compute timesheets, prepare payslips, disbursement payroll, and record payroll entries. |
|
With proper SoD, you can reduce the risk of fraud in the business, but only up to a certain level. Collusions may exist within the company even if there’s proper SoD.
Prevent the proliferation of fraud and error by reading our A/R best practices and A/P best practices.
3. Custody
Individuals who have access to assets, such as keys to the storage room and access to the business’s bank accounts, mustn’t handle recording and authorization functions.
Let’s assume the company driver has the authority over fuel expenses. If they think fraudulently, they can be creative and charge the fuel expenses of their personal vehicle as fuel expenses of the company trucks. To mitigate this fraud risk area, they mustn’t have the authority to approve fuel expenses. Rather, the business may give them cash for fuel and require them to surrender receipts. Alternatively, they may use a corporate card for fuel expenses for ease of use.
List of Incompatible Duties in the Business Cycle
We listed a set of incompatible duties per function below. To apply this table in your small business, you must first classify employees with authorization, recording, and custody roles. Then, review the job descriptions of each employee and check if there are incompatible duties included. Remember, employees should never have duties listed under more than role like authorization, recording, or custody.
For instance, an employee with authorization roles has the following responsibilities: review sales returns, approve sales returns, and prepare sales orders. If we check the incompatible duties in the Revenue and A/R cycle, we’ll see that the preparation of sales orders isn’t a duty of an employee with authorization roles. You may remove the incompatible duty from the job description to maintain proper SoD.
If it’s impossible to remove an incompatible duty from an employee’s job description due to a limited workforce, the business owner must compensate for this SoD violation by placing another level of oversight on that employee.
Cash Receipts & Disbursements
Authorization | Recording | Custody |
---|---|---|
|
|
|
Revenue & A/R
Authorization | Recording | Custody |
---|---|---|
|
|
|
Expenses & A/P
Authorization | Recording | Custody |
---|---|---|
|
|
|
Notes & Explanations:
- In a multi-department setup for large businesses, it is the requesting department head who shall approve purchases. But in a small business setup, the approval of inventory and office supplies purchases rests on the owner or any manager.
- The department requesting the purchase of inventory or office supplies is the department that has custody over these assets. Hence, it is only fitting that they make the request.
- The one who signs the check must not be the same person approving payment. Signing of checks is a custody role because the person signing must have custody and access to the business’ bank accounts. If these two roles rest on the small business owner, there’s no violation of SoD.
- It is okay to delegate the preparation of checks to an employee (e.g., bookkeeper and A/P clerk). Even if these employees have access to company checks, they can’t forge or falsify checks since another person (see Note C) will review the check voucher and sign the check.
Inventory & Shipping
Authorization | Recording | Custody |
---|---|---|
|
|
|
Payroll & Human Resources
Authorization | Recording | Custody |
---|---|---|
|
|
|
Notes & Explanations:
- The bookkeeper or payroll accountant, not the HR department, must prepare the payroll calculations. If it’s the other way around, there is a risk of manipulating payroll data since HR has access to employee information and also prepares payroll calculations.
- The custody function in managing employees rests in the HR department, which has all the employee records (attendance, PTO taken, PTO earned, etc.). Hence, they should prepare employee time sheets.
- The HR department may distribute payroll checks since these checks have already been approved. There’s little risk involved in merely handing out checks to employees, though the best alternative to this would be depositing payroll directly to the employees’ bank accounts.
Fixed Assets & Capital Sourcing
Authorization | Recording | Custody |
---|---|---|
|
|
|
Bottom Line
Separation of duties are essential controls that help prevent and detect the existence of fraud and error. Even in a small business setup, separating authorization, recording, and custody functions are vital to ensure the integrity of business transactions.