How to Lessen Segregation of Duties Problems in Two Easy Steps

Fraud prevention in two easy steps

Darkness is the environment of wrongdoing.

Why?

No one will see us–or so we think.

As you’ve seen many times, fraud occurs in darkness.

In J.R.R. Tolkien’s Hobbit stories, Sméagol, a young man murders another to possess a golden ring, beautiful in appearance but destructive in nature. The possession of the ring and Sméagol’s hiding of self and his precious (the ring) transforms him into a hideous creature–Gollum. I know of no better or graphic portrayal of how that which is alluring in the beginning, is destructive in the end.

Fraud opportunities have those same properties: they are alluring and harmful. And, yes, darkness is the environment of theft. What’s the solution? Transparency. It protects businesses, governments, and nonprofits. And while we desire open and understandable processes, often businesses have just a few employees that operate the accounting system. And many times they alone understand how it works.

It is desirable to divide accounting duties among various employees, so no one person controls the entire process. This division of responsibility creates transparency since multiple eyes see the accounting processes–but this is not always possible.

Lacking Segregation of Duties

Many small organizations lack appropriate segregation of duties and believe that solutions do not exist or that fixing the problem is too costly. But is this true? Can we create greater transparency and safety with simple procedures and without significant cost?

Yes.

Below I propose two processes to reduce fraud:

  1. Bank account transparency and
  2. Surprise audits.

1. Bank Account Transparency

Here’s a simple and economical control: Provide all bank statements to someone other than the bookkeeper. Allow this second person to receive the bank statements before the bookkeeper. While no silver bullet, it has power.

Persons who might receive the bank statements first (before the bookkeeper) include the following:

  • A nonprofit board member
  • The mayor of a small city
  • The owner of a small business
  • The library director
  • A church leader

What is the receiver of the bank statements to do? Merely open the bank statements and review the contents for appropriateness (mainly cleared checks).

In many small entities, accounting processes are a mystery to board members or owners since only one person (the bookkeeper) understands the disbursement process, the recording of journal entries, billing and collections, and payroll.

One set of eyes on an accounting process is not a good thing. So how can we shine the light?

Fraud Prevention

Picture courtesy of DollarPhoto.com

Second Person Sees the Bank Statements

Allow a second person to see the bank statements.

Fraud decreases when the bookkeeper knows someone is watching. Suppose the bookkeeper desires to write a check to himself but realizes that a board member will see the cleared check. Is this a deterrent? You bet.

Don’t want to send the bank statements to a second person? Request that the bank provide read-only online access to the second person, and let the bookkeeper know that the other person will review bank activity.

Even the appearance of transparency creates (some) safety.

Suppose the second person reviewer opens the bank statements (before providing them to the bookkeeper) and does nothing else. The perception of reviews enhances safety. I am not recommending that you don’t perform the review, but if the bookkeeper even thinks someone is watching, fraud will lessen.

2. Surprise Audits

Another way to create small-entity transparency is to perform surprise audits. These reviews are not opinion audits (such as those issued by CPAs) but involve random inspections of various areas such as viewing all checks clearing the May bank statement. Such a review can be contracted out to a CPA or performed by someone other than the bookkeeper–such as a board member.

Segregation of Duties

Picture courtesy of DollarPhoto.com

Adopt a written policy stating that the surprise inspections will occur once or twice a year.

The policy could be as simple as the following:

Twice a year a board member (or designee other than the bookkeeper) will inspect the accounting system and related documents. The scope and details of the inspection will be at the judgment of the board member (or designee). An inspection report will be provided to the board.

Why word the policy this way? You want to make the system general enough that the bookkeeper has no idea what will be inspected but distinct enough that an actual review occurs with regularity (thus the need to specify the minimum number of times the review will be performed).

Sample Inspection Ideas

Here are some sample inspection ideas:

  • Inspect all cleared checks that clear a particular month for appropriate payees and signatures and endorsements
  • Agree all receipts to the deposit slip for three different time periods
  • Review all journal entries made in a two week period and request an explanation for each
  • Review two bank reconciliations for appropriateness
  • Review one monthly budget to actual report (to see that the report was appropriately created)
  • Request a report of all new vendors added in the last six months and review for appropriateness

The reviewer may not perform all of the procedures and can perform just one. What is done is not as important as the fact that something is done. In other words, the primary purpose of the surprise audit is to make the bookkeeper think twice about whether he or she can steal and not be caught.

Again multiple people seeing the accounting processes reduces the threat of fraud.

Shine the Light

The beauty of these two procedures (bank account transparency and surprise audits) is they are straightforward and cheap to implement but nevertheless powerful. So shine the light.

What other procedures do you recommend for small entities?

For more information about preventing fraud, check out my book: The Little Book of Local Government Fraud Prevention.

Learn from the CPA Scribo newsletter!

Get my free weekly accounting and auditing digest with the latest content.

Powered by ConvertKit

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 thoughts on “How to Lessen Segregation of Duties Problems in Two Easy Steps

  1. Thanks for the reminder. To expand on your thought – a review of duties and assignments to see that the (usually lean) staff are not handling incompatible duties. Often this leads to discovery that more resources are needed (part time, intern, outsource) so that all the work gets done on a timely basis and then is more likely to be accurate. As companies grow they sometimes look at the staffing last, when errors, or worse, occur.

  2. Yes, simone. I see this often. Many times companies wait too long to expand staffing in an effort to keep expenses low; this sometimes leads to more costs than if they had timely filled the position.

  3. Good point Armando. If you don’t have reliable board members (or members who don’t understand their duties), you really can’t include them as a part of the controls. Competence and dependability is a must.

  4. All of the above suggestions are good. The problems I have had with the smaller organization are that usually they do not have qualified board members, relying on the “good-dedicated” person handling the accounting books. We know that the internal control should start at the top; but what if the board members do not understand the need for the internal control.

  5. Without a doubt a second person should receive the bank statement every month. On problem with having it first go to someone else is that it can delay the bookkeeper from reconciling the account, and if the second person feels hurried, it’s less likely they will scrutinize the statement much if at all. I recommend the bank send a duplicate statement to the designated person directly. The problem with online access is that people are busy and will just get out of the habit of looking.

    I don’t like the surprise audit idea because there is often not adequate training or experience available. I prefer a quarterly quick review of the items you list by the firms accountants or a professional bookkeeping firm. It doesn’t have to be very expensive. If not quarterly, then at least twice a year.

    • Benson, I agree with you about your online banking comment. The physical bank statements begs for attention. I also agree that an outside professional firm should perform the “surprise audit,” if possible. Thanks for your comments.

  6. Highly recommendable. If he entity has merchandise, I would suggest to include periodic inventory physical count and reconcile it to the book inventory, as often as possible.

  7. The above suggestions are excellent. Based on my many years of I auditing experience, I like to add “quarterly audits.” Unfortunately, most management people would think this is a waste of money; however, it is far from true. I can relate to both worlds, NFP and FP. In the NFP world, many, many years ago a major USA city contracted with NFPs awarding federal, state and local grants. The NFP could select the audit firm but once selected, the NFP could not change auditor, only the City could do that, an assurance of auditors’ independence. Who benefit most from this policy? The NFPs. It resulted NFPs having the best management I have ever seen, no headaches; the cost was insignificant.
    In the FP world, I spent a significant amount of time performing audits in the garment industry. Those companies that adopted quarterly audits or reviews were highly profitable. Again, the cost of the audit or review was insignificant.

  8. One of the greatest roadblocks to implementing this or any kind of new internal control is the wail that, “You don’t trust me/us!”

    One method to deflect this is to play good cop bad cop. Have an outsider like the CPA firm or new board member insist on these new procedures and make sure the entire board agrees unanimously. You can simultaneously blame the outsider and explain that these new controls only protect the innocent employees from inappropriate suspicion if something goes south.