With limited resources and tightening budgets, establishing effective internal controls can become tricky. Controlling the cash flowing into and out of the organization is supremely important and can generally be done effectively with the personnel and board members that are already in place. The single most important tenet of a control structure, especially in cash disbursements, is to limit opportunity by segregating duties. Think about the person that performs the most duties related to cash disbursements in your organization. What happens if that person receives some added motivation such as an ill family member with medical bills or a spouse losing a job? Could they rationalize the need for additional funds and ultimately cause damage to your organization? As honest as you perceive people in your organization to be, segregation of duties helps keep these people honest.
The following are a list of helpful controls that limit the ability to perpetrate and conceal theft of cash. The term “independent employee” would be someone who does not handle cash disbursements or the accounting for those disbursements.
These controls will help detect issues whether fraudulent or reporting errors, but the organization really would rather not have things slip through to this review stage. Segregating duties involves not allowing the same person to perform any two of the following duties:
As an example, if the controller for the organization can print checks (custody and recording), sign checks or print someone else’s signature (authorization), and reviews/reconciles the bank statement (review of recording) these functions are incompatible. If you take away the signature authority and a more effective review process is performed as mentioned previously, can the controller still commit fraud? The unfortunate answer is yes, but it is less likely and it hopefully will be discovered on a timely basis.
Always remember the computer issues at hand as well. Too often the segregated duties are manually implemented where it is “policy” that the controller signs checks but does not print checks. Often we ask the question could an individual print checks if they wanted to and be authorized to sign them. Most accounting software packages allow you to limit access to different functions depending on access rights and passwords. This also brings up the thought of having unique usernames and good password policies in place as well.
As you can tell, there are many issues to consider when segregating duties. There will be more to come later.
Posted by Robert SimpsonBack to articles