A key internal control for reducing the risk of business fraud is the separation (or segregation) of duties. While it is a basic internal control, it often is very difficult to implement successfully. A high level overview of separation of duties basically means that no single individual should be in charge of two or more parts of transactional activity. Internal controls insist that these be broken up by responsibility and assigned to specific personnel.
There are four general categories of responsibilities that are generally discussed when separating duties.
1) Authorization or Approval
Establishing a chain of command for financial transactions within your organization begins with designating a point person who authorizes transactions. Not only will the authorized individual be in charge of signing checks (or approving electronic cash transfers), but she or he also has the final say whenever cash goes out the door (i.e. major purchases, new service agreements with vendors, etc.). Before cash leaves your company, each transaction needs to be reviewed first for authorization to ensure payment is in fact going to the right place.
2) Record Keeping
Assigning bookkeeping duties to a specific employee in your financial department is important, as you need to make sure the person recording all of the transactions is not the same person who cuts and signs the checks. When one person does it all, your business is vulnerable to fraud, as it becomes very easy for the thief to cover their tracks, and therefore very hard for you to detect.
You may trust your employee with your first born, but fraud happens all too often to small to medium-sized businesses, and sometimes with devastating effects. Employee theft often goes undetected for up to 18 months, at a median cost of $145,000 per case (ACFE 2014 Report to the Nation).
3) Custody of Related Assets
While “custodian of assets” sounds like a very high level position, it basically boils down to the person in charge of managing your cash. Anyone who collects cash or checks, makes bank deposits, and reviews bank statements is in custody of your financial assets. It is important that this role be separate from record keeping for account reconciliation. If one person handles both the books and the banking activity, it is much easier to fudge the numbers (or delete, modify, or add transactions to the ledger) to match the bank statements.
Your accounts should be reconciled each and every day, but not by the custodian of assets. Bank statements need to be checked against the ledger to ensure that the transactions match. A third party can be involved for account reconciliation, by limiting access to your bank and bookkeeping systems. A staff member can be given limited access to only view the ledger (and not make changes) to compare the transactions in the books against the transactions at the bank.
For many small businesses, having multiple employees on hand for separation of duties can be difficult to achieve. If you can’t separate the four general categories of responsibilities, consider utilizing an outsourced provider to manage your books who can ensure separation of duties, implement control procedures and keep your cash where it belongs.