Question

Effective segregation of duties is sometimes not economically feasible in a small business. What internal control elements do you think can help compensate for this threat?

Answer 1

**SOD - Segregation of Duties**

SOD Concept-

Segregation of duties is a key internal control intended to minimize the occurrence of error or fraud by ensuring that no employee has ability to both prepetrate and conceal error or fraud in the normal course of the business. This includes controls designed to safeguard assets, ensure the timeliness, accuracy and reliability of financial and management reporting and to promote operational efficiency, effectiveness and compliance with all applicable laws, regulations, policies and procedures.

Compensating control-

Sometimes due to financial limitations mean that it’s not always possible to achieve perfect SoD. Where this is the case, you can use compensating controls to mitigate the risk incurred when a user needs to have many duties. This type of control offers an alternative means of providing the “reasonable assurance” that we need.

An organizational unit must implement at least one of these compensating controls when an adequate segregation of duties is not present.

Below internal control can be put in place that can help compensate where SOD is not possible:

1. Policies: Organization should formulate a formal document on Standard Operating Procedure for all significant business processes and communicate to employees.

2. Requirement of Second Signature: The requirement for a secondary signature to authorize critical or sensitive transactions, such as high dollar value for purchase orders.

3. Approval: All financial transaction which gives impact on the profitability of organization should go through an approvel process.

4. Report Review: For all transactions placed in a period,a report can be generated and can be reviewed by user's higher management.

5. Reconciliation: A single user has access to and performs the tasks of accepting cash payments and recording the payments. To prevent fraud, oversight is required. So, we need a compensating control – for example, we may specify that a second user must perform a reconciliation, reviewing the cash against the recorded transactions.