These latest headlines should remind companies about the risk of fraud and the importance of implementing and verifying adequate segregation of duties. In these stories, embezzlers use their position, their employer’s misplaced trust, and inadequate fraud risk management to defraud organizations.

In each of these cases, the fraud could have been prevented had the companies implemented a system of internal controls, including adequate segregation of duties. Segregation of duties is a key internal control intended to minimize the occurrence of errors or fraud by ensuring that no employee has the ability to both commit and conceal errors or fraud in the normal course of their duties.

Generally, the primary incompatible duties that need to be segregated are:

  1. Authorization or approval

  2. Custody of assets

  3. Recording transactions

  4. Reconciliation/Control Activity

No individual should have the power to execute transactions across an entire business process without checks and balances. For instance, there should be clear divisions between the personnel receiving goods or authorizing services, those processing invoices and those processing payments. In addition, there should be clear divisions between those who process payments, those who receive the bank statements and those who reconcile the bank accounts.

By focusing on the transactions that pose the greatest risk of abuse to the business, a company can quickly understand the issues vulnerable to access and determine what steps must be taken to safeguard company assets. An effective fraud risk identification process considers not only opportunity but also pressures and incentives. According to the Association of Certified Fraud Examiners’ 2016 Report to the Nations on Occupational Fraud and Abuse, “the most prominent organizational weakness that contributed to the frauds in our study was a lack of internal controls, which was cited in 29.3% of cases.” The 2016 report examined 2,410 cases of fraud.

Finally, there should be a regular independent review of these functions, to test the procedures for actual protection. Testing also sends a message that you are proactive in protecting the company’s assets, and serves as a strong deterrent to would-be offenders.

Michael Hathaway, CFE, CAMS