Written by Steven Randall, Partner, Vonya Global
It happens all the time, human capital / resource constraints at start-ups and small to medium sized companies limit the ability to have a robust accounting and finance staff. In most cases one person is typically responsible for many tasks. When these tasks overlap, like: reviewing and paying invoices; setting up and approving new clients; setting up and approving new suppliers; and writing checks, making deposits, and conducting bank reconciliations, the company exposes itself to significant fraud risks. In audit terms, this is called Segregation of Duties.
Segregation of Duties
While having adequate Segregation of Duties (SOD) is an essential building block of sustainable risk management and internal controls for a business, it is difficult for a small business to implement and it often gets overlooked.
I came to know the investors of a start-up Title Insurance Company in Chicago. The ownership hired an experienced Title Insurance executive as President and CEO. They also assigned the President full access to the bank account. The company was out of business within 6 months of hiring the CEO. The CEO embezzled all the cash, ignored all invoices and payables, and left town.
Inadequate Segregation of Duties hits the news on regular basis. Said one executive: “Given the size of our organization, the distribution and separation of duties is tough. It’s a staff of three, four people. They suggest we shuffle around more of the burden. I’m not saying that’s a bad idea, but it will be difficult to implement.”
Difficult to implement? Maybe. But it is not impossible or impractical. The first step is understanding the risk and how it relates to the business. The second step is to consider key controls that would mitigate the risk without adding burden to the business. Simple solutions include requiring approvals for big purchases by individuals other than the CFO, placing banking restrictions on large payments, and regularly reconciling the all accounts.
While the Segregation of Duties risk may seem minor to other strategic, operational, or compliance risks, the failure to control the risk could be catastrophic.
This blog post was authored by Steven Randall. Steve is a Managing Partner with Vonya Global, a premier provider of internal audit co-sourcing, outsourcing, and consulting services, a member of the Institute of Internal Auditors (IIA) Chicago Chapter Board of Governors, a Director of the Adler-Caris Foundation, a not-for-profit dedicated to raising funds for Alzheimer’s Disease research, and the President of the Oz Park Baseball Association, a not-for-profit dedicated to providing fundamental based baseball in a safe environment in the city of Chicago. Steve was recently named The Institute of Internal Auditors’ Chicago Chapter’s New Member of the Year. If you would like more information about Vonya Global or if you have a questions for Steve, you may contact him through this blog, the company website, twitter, or his LinkedIn Profile.