What is the Segregation of Duties as it Relates to Controls?

Published July 2, 2020 • 2 min read

Segregation of duties (also known as separation of duties) is a key concept of internal controls that aims to prevent fraud and errors.

The main concept underlying segregation of duties (SOD) is that no employee or group of employees should be in a position to commit and conceal fraudulent activity or errors in the normal course of their duties.

Auditors will look for segregation of duties as part of their analysis of an organization’s system of internal controls. The auditors will downgrade their opinion of a company’s system of internal controls if there are any failures in the segregation of duties.

Traditional internal control systems depend on assigning certain responsibilities to different employees or segregating incompatible functions. The general premise of SOD is to prevent one person from having custody of assets as well as being responsible for maintaining the accountability of those assets.  In other words, share responsibilities of a key process that disperses critical functions of that process to more than one person, department, or company.  

In general, the principal incompatible duties to be segregated are:

  • Custody of assets
  • Authorization or approval of related transactions affecting those assets
  • Recordkeeping or reporting of related transactions
  • Reconciliation of audit.

Depending on the size of an organization, functions and designations may vary. When duties cannot be segregated, the company should implement compensating controls. 

Compensating controls are internal controls intended to reduce the risk of an existing or potential control weakness. If one person can perform their day-to-day activities and conceal errors and/or irregularities in the course of performing those duties, that one person has been assigned duties that are incompatible with SOD. 

Although there is no internal control audit standard or accounting stipulation that calls for specific requirements for SOD, maintaining a system of effective internal controls does require the appropriate segregation of duties. 

For a company’s system of internal control to be effective, there must be adequate segregation of duties among the workers who perform accounting procedures or internal control activities and those who handle assets. 

Generally, an organization should design the flow of transaction processing and related activities so that the work of one person is either independent of, or serves to check on, the work of another. This reduces the risk that errors will go undetected and limits the opportunities that one person can misappropriate assets or hide intentional misstatements in the company’s financial statements.

 

Learn how we can fit into your business.

Schedule a demo to learn how we can help guide your organization to confidence in infosec risk and compliance.

Help us get to know you.

Get a demo