Segregation of duties (SoD) in accounting is defined as developing a system where no person is performing tasks within more than one of three general functions. It’s an internal control mechanism that prevents fraud and error, and proper SoD ensures checks and balances within the business. When there is no SoD in place, opportunities to commit fraud might arise, especially if it incentivizes the perpetrators.
The three general functions that must be segregated in accounting are authorization of transactions, recording of transactions, and custody of assets. Let’s discuss each below.
1. Authorization
Individuals who can authorize transactions cannot also be responsible for recording transactions nor should they have custody of the assets. If an authorizing person has access to the physical assets and records, it increases the risk of fraud and misappropriation of assets. Hence, employees who can authorize transactions mustn’t be involved in bookkeeping or safekeeping of physical assets.
For instance, the person who authorizes a check to be written shouldn’t be the same person who records the check in the bookkeeping software or reconciles the checking account. If it’s impossible to do this, it’s best to delegate approval functions to the small business owner.
2. Recording & Reconciliation
Individuals who record transactions, such as accounts receivable (A/R) staff, accounts payable (A/P) staff, and bookkeeper, mustn’t handle authorization and custody roles. Looking at the accounting process and bookkeeper’s responsibilities can help you spot incompatible duties affecting recording and reconciliation functions.
To illustrate, if the A/P staff can authorize payment for business expenses, they can create and approve fictitious expenses and steal money from the business. Moreover, individuals who reconcile accounts, such as bank accounts, mustn’t handle custody roles because since they have access to cash payments from customers, they can alter A/R records and steal customer payments.
Today, the most common business frauds arising from inadequate separation of duties in recording functions are the following:
With proper SoD, you can reduce the risk of fraud in the business, but only up to a certain level. Collusions may exist within the company even if there’s proper SoD. Other types of prevalent fraud include cash skimming, invoice fraud and vendor fraud. If you suspect fraud, you should consider hiring a forensic accountant, which is different from an auditor. Learn more in Forensic Accounting vs Auditing.
3. Custody
Individuals who have access to assets, such as keys to the storage room and access to the business’s bank accounts, mustn’t handle recording and authorization functions.
Let’s assume the company driver has the authority over fuel expenses. If they think fraudulently, they can be creative and charge the fuel expenses of their personal vehicle as fuel expenses of the company trucks.
To mitigate this fraud risk area, they mustn’t have the authority to approve fuel expenses. Rather, the business may give them cash for fuel and require them to surrender receipts. Alternatively, they may use a corporate card for fuel expenses for ease of use.
Why Do You Need Segregation of Duties?
Regardless of business size, a balanced level of segregation of duties can keep the business running smoothly and maintain the integrity of records. Here are some reasons why you need segregation of duties:
- Prevents fraud: Without proper segregation of duties, employees can manipulate transactions. In a small business setup, proper oversight of the business owner in critical business processes can compensate for a small workforce.
- Helps in detecting errors: When two or more people are involved in a particular workflow, errors can be easily detected and corrected along the process. That’s why separating incompatible duties also helps in ensuring the accuracy and correctness of all transactions.
- Keeps business workflows smooth: If employees handle multiple and overlapping tasks, their efficiency decreases. It’s always nice to assign employees with responsibilities that don’t overlap with other incompatible duties and to keep them focused on their main responsibilities.
Limitations of Segregation of Duties in a Small Business
Due to a limited number of employees, small businesses often face challenges in SoD as some admin employees have to handle two or three roles to cope. When a single employee handles tasks that violate the segregation of duties we discussed, it’s vitally important that the small business owner be involved in reviewing the work to help prevent fraud.
List of Incompatible Duties in the Business Cycle
We listed a set of incompatible duties per function below. To apply this table in your small business, you must first classify employees with authorization, recording, and custody roles. Then, review the job descriptions of each employee and check if there are incompatible duties included.
Remember, employees should never have duties listed under more than one role, such as authorization, recording, or custody.
If it’s impossible to remove an incompatible duty from an employee’s job description due to a limited number of employees, the business owner must compensate for this SoD violation by placing another level of oversight on that employee.
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Notes & Explanations:
- In a multidepartment setup for large businesses, it is the requesting department head who shall approve purchases. But in a small business setup, the approval of inventory and office supplies purchases rests on the owner or any manager.
- The department requesting the purchase of inventory or office supplies is the department that has custody over these assets. Therefore, it is only fitting that they make the request.
- The one who signs the check must not be the same person approving payment. The signing of checks is a custody role because the person signing must have custody and access to the business’ bank accounts. If these two roles rest on the small business owner, there’s no violation of SoD.
- It is okay to delegate the preparation of checks to an employee, such as bookkeeper and A/P clerk. Even if these employees have access to company checks, they can’t forge or falsify checks since another person (see Note 3) will review the check voucher and sign the check.
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Notes & Explanations:
- The bookkeeper or payroll accountant, not the HR department, must prepare the payroll calculations. If it’s the other way around, there is a risk of manipulating payroll data since HR has access to employee information and also prepares payroll calculations.
- The custody function in managing employees rests in the HR department, which has all the employee records, such as attendance, PTO taken, or PTO earned. Therefore, they should prepare employee time sheets.
- The HR department may distribute payroll checks since these checks have already been approved. There’s little risk involved in merely handing out checks to employees, although the best alternative to this would be depositing payroll directly into the employees’ bank accounts.
Authorization | Recording | Custody |
|---|---|---|
|
|
|
Frequently Asked Questions (FAQs)
These are called compensating controls. For small businesses, the best compensating control is owner oversight and review. The business owner must take an active role in critical business roles.
The risk of fraud is the biggest risk associated with the lack of segregation of duties. Employees with access to incompatible duties can manipulate transactions and records to conceal fraud.
Bottom Line
Separation of duties are essential controls that help prevent and detect the existence of fraud and error. Even in a small business setup, separating authorization, recording, and custody functions are vital to ensure the integrity of business transactions.
