Question

Segregation of duties is an important internal control.

a) What duties need to be segregated and why?

b) Give examples to illustrate the issues and how to resolve them.

c) Give real case examples where segregation of duties has been breached and the consequences of such a breach.

Answer 1

One of the basic audit objectives when we review an organization framework is the proper segregation of duties. Though it is basic, it is by far the most powerful as it ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business.

Segregation of duties provides two benefits:

• A deliberate fraud is more difficult because it requires collusion of two or more persons; and
• It is much more likely that innocent errors will be found.

At the most basic level, segregation of duties means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.

If a single person can carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have generally been assigned or allowed access to incompatible duties or responsibilities. Some examples of incompatible duties are:

a) An employee who prepares document ........should not......approve the same document
b)an employee who endorses checks and opens mail......should not....handle cash receipts
c)An employee who distributes payroll checks.........should not......prepare payroll input

when we review duties or responsibilities, we can broadly classified it into the four categories which are:

a)Authorization;
b)Custody;
c)Record-keeping; and
d)Reconciliation.

In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties, especially when dealing with cash, negotiable checks and inventories.

Authorization
Authorization is the process of reviewing and approving transactions or operations.

Some examples are:

*Verifying cash collections and daily balancing reports;
*Approving purchase requisitions or purchase orders;
*Approving time sheets, payroll certifications, leave requests and cumulative leave records; and
*Approving change orders, computer system design or programming changes.

Custody
Custody is the process of having access to, or control over, any physical asset such as cash, checks, equipment, supplies or materials.

Some examples are:

*Access to any funds through the collection of funds or processing of payments;
*Access to safes, lock boxes, file cabinets or other places where money, checks or other assets are stored;
*Custodian of a petty cash or change fund;
*Receiving any goods or services;
*Maintaining inventories; and
*Handling or distributing paychecks/advices, limited purchase checks or other checks.

Record-Keeping
Record-keeping is the process of creating and maintaining records of revenues, expenditures, inventories and personnel transactions. These may be manual records or records maintained in automated computer systems.

Some examples are:

*Preparing cash receipt back-ups or billings, purchase requisitions, payroll certifications and leave records;
*Entering charges or posting payments to accounts receivable system; and
*Maintaining inventory records.

Reconciliation
Reconciliation is verifying the processing or recording of transactions to ensure that all transactions are valid, properly authorized and properly recorded on a timely basis. This includes following-up on any differences or discrepancies identified.

Some examples are:

*Comparing billing documents to billing summaries;
*Comparing funds collected to accounts receivable postings;
*Comparing collections to deposits;
*Performing surprise counts of funds;
*Comparing payroll certifications to payroll summaries;
*Performing physical inventory counts;
*Comparing inventory changes to amounts purchased and sold; and
*Reconciling departmental records of revenue, expenditures and payroll transactions to management reports

Real Life case study:here I am QUOTING an aricle of caseware analytics where there is afraud because of breach of seggregation of duties

"The Alberta Motor Association (AMA) has filed a large-scale lawsuit against its former vice-president of information technology (IT) after it discovered he allegedly defrauded the company $8.2 million over a period of three years—one of the top five most costly cases of fraud to hit the province in 20 years.

In what appears to be an absence of segregation of duties (SoD), the employee was the only individual with authority to approve payments for goods and services invoices for the AMA’s IT department. The AMA alleges that the worker devised a fraud scheme whereby he created false invoices for amounts ranging from $30,000 to $450,000 USD. It also involved funds being transferred electronically to banks in the U.S.

In the case of the fraud scheme that impacted the AMA, stronger SoD will be required to avoid this type of fraud going forward. Segregation of duties is an essential internal control that helps deter fraudsters by reducing the number of opportunities for abuse. SoD conflicts can be caused by insufficient staffing, which makes it difficult to segregate duties appropriately because there are simply not enough employees. These conflicts can then be exacerbated by poor or missing controls; for example, in the case of the AMA, having only one person rather than two authorized to approve invoice payments, or allowing just one individual to create and approve a company budget."