Managing With or Without Segregation of Duties

Seda Bayraktar

Managing without segregation of duties is a risky choice. The most constructive approach is to prevent possible significant losses by segregating duties at an optimum level in proportion to the company's risks.

As one of the key elements of the internal control system, segregation of duties (SoD) is crucial for mitigating the risks of fraud and error in business processes. The principle of the SoD means, in the simplest terms, that no employee takes more than one critical responsibility in any process from the start of a transaction to its completion. Briefly, by separating the duties, "power" is prevented from gathering in one person.

The most optimal distribution of the "approval", "asset custody", "recording" and "reconciliation / control" activities related to a transaction to the personnel, considering the scale of the company, the risks and the number of employees, is a must for this principle. Naturally, for small companies with few staff, it is hard to implement this principle, but it can often be compensated by the direct control of company owners over the activities.

It is a common problem of non-institutionalised companies, in which conflicting duties are carried out by the same employee, where the processes are inconsistent, weak and dependent on one person, and internal controls are inadequate. In fact, it is not possible to segregate the duties from each other in this disorganization even if it is desired. The only way to identify and segregate the critical duties that contradict each other is to properly design the processes and the internal controls.

At this very point, the importance of management philosophy becomes evident. Changing a trust-based working environment to an environment where business processes are carried out in accordance with the SoD principles entails a radical change in management philosophy. Sometimes this change can be triggered by a significant fraud committed by a very trusted employee or serious errors caused by siloed departments.

I want to give an example of an environment where the duties are not properly segregated. In a company where I conducted fraud investigation, I witnessed that the company suffered significant losses due to the fact that the following duties were carried out by the same purchasing specialist:

  • Searching and selecting the supplier which the company will work with,
  • Opening the purchase order and passing those below a certain amount directly to the supplier; the approval of the transactions above this amount by the manager (Note: Often, the manager does not examine the purchase order in detail),
  • Incoming supplier invoices can be allocated to purchase orders as desired due to the fact that the order system does not work effectively,
  • Conducting communication with suppliers,
  • Arranging the operations between suppliers and company warehouses,
  • Checking supplier invoices and approval for recording invoices,
  • Tracking the payments of supplier invoices, directing the finance department about payment (Note: There is no maturity determined and applied in the supplier master data).

I am sure that you wonder how only one person can be in charge of all these conflicting duties. Although the management style of the company may cause this situation, I will bring up the matter of “trust” which is the most important reason in the aforementioned case.

In another investigation, we found out that an employee in accounting department stole a substantial amount of money from the company by himself. Investigation showed that the problem was caused by the fact that the conflicting duties were performed by the accountant specialist and as a result of this, an extraordinary opportunity was created fraud. In this case, the accounting staff could do the following:

  • Creation of supplier accounts in the ERP system,
  • Recording supplier invoices in the system,
  • Coordinating the preparation of payment orders and their signing by managers,
  • Recording bank transactions,
  • Taking bank statements from online-banking system and making bank reconciliations.

Improper segregation of duties may not always result in assets misappropriation or corruption cases. Sometimes, this situation creates an opportunity for an employee who has been attained too much authority, to conceal a mistake made by or caused by this employee and not to disclose it. In fact, an innocent mistake can turn into a financial statement fraud with the power given.

Finally, I would like to discuss the relevance of trust with the issue. I noted before that SoD is one of the basic elements of internal control. This naturally leads us to the concepts of trust-control. Especially in Turkish family companies and SMEs, we see that the balance between trust and control often shifts towards trust. As an effect of our culture and country, I believe, a similar approach can be observed even in the subsidiaries of some international companies in Turkey.

Why do managers conduct their businesses on the trust basis in an environment with weak processes and controls? Although this may seem like the habit of doing business based on trust, I have experienced that the root causes of this behaviour are actually to speed things up for reducing costs and to carry out the tasks with fewer people.

I think the most attractive aspect of doing trust-based work is its lower cost.

This approach can be understandable in a way due to the direct control of the business owner in small companies, but it may turn out to be an important threat after the business growth reached a certain level. When the damage caused by the lack of internal controls starts to threaten the company, the segregation of duties over the “trust-control balance” becomes inevitable.

As a conclusion, it is crucial for companies to identify whether there is an employee who can defraud or conceal a critical mistake and accordingly take precautions in this regard or if it is not possible to implement SoD principles due to limitations, to design detective controls to minimize risks. The key point of this process is to take proportional and optimal precautions keeping the facts of the company in mind all the time.

If you are not sure how to perform segregation of duties principles in your company, or if you think there are problems with it, Cerebra can offer you quick and effective solutions.