Looming in the shadows of every organization is management’s fear of the perils that threaten them on a day to day basis. These include, but are not limited to misappropriation of assets and fraud. However, in the midst of the inevitable exposure to that risk, there is a remedy. And that lies in the Segregation of Duties (SOD).
In a perfect world there would be no need to implement such a policy and procedure in the workplace or anywhere for that matter, but in order to protect an organization from the seemingly remote possibility of the timely and expensive repercussions fraud holds, it is imperative that the sharing of responsibilities be stressed and applied.
Do not think of SOD as a “Big Brother is watching” type role. The foundation of this is comparable to that of a system of checks and balances. It limits one party from holding too much power and thus, potential risk.
By expending resources to create controls, you minimize risk to the organization in relation to undetected error, revenue recognition, or fraud. To create this quality assurance, consider implementing a SOD system akin to fighting A COLD:
Access Control Management:
- Ensure that only authorized access to key systems and databases (such as accounting software) occur
- Keep the group of administrators (anyone who has access to source code) of these systems and
databases small and monitored
- Ensure any and all system changes, i.e., GL postings, vendor changes, etc. are authorized by
the appropriate party
- Enforce management oversight of change
- Track changes of key steps in process
- Separate functions of daily inputs (i.e. accounts payable clerks), system administration and asset release (i.e. cash disbursement)
- Keep, update, and retain necessary documents
- For changes in operations which require a change in controls
- For fraudulent activity amongst other organizations and review controls in place to determine if your controls would catch such an occurrence
Define and Monitor Roles and Responsibilities:
- Maintain appropriate procedural documentation that clearly state the responsibilities of each party
- Complete cross training and periodically change responsibilities (such as through employees
taking vacation) to allow additional monitoring
- Initiate an internal audit process to ensure controls are working as designed
The enforcement of these tools and frameworks can be instrumental in the survival of a business. Although these are seemingly simple suggestions, they can easily be overlooked and neglected. By fighting A COLD early, you may protect yourself from a worsening illness.
By: Grace McDonald