Concept and Framework
Guidelines and Best Practices:
Authorization
Documentation
Reconciliation
Security
Separation of Duties
Resources
Resources for Internal Controls
|
|
|
Separation of Duties
Definition:
Separation of duties is the means by which no one person
has sole control over the lifespan of a transaction. Ideally, no one
person should be able to initiate, record, authorize and reconcile a
transaction.
Purpose:
All organizations should separate functional
responsibilities. The separation of duties assures that
mistakes, intentional or unintentional, cannot be made
without being discovered by another person.
Concepts and Best Practices
|
Key Concept
|
Best Practice
|
|
Unit differences:
Separation of duties may vary depending on each unit's size
and structure
|
Duties may be separated by department or by individuals
within a department. The level of risk associated with a
transaction should come into play when determining the best
method for separating duties.
|
|
Demonstration:
Separation of duties should be able to be demonstrated to an
outside party.
|
Documentation of processes and authorization is helpful in demonstrating a
system of control that includes separation of duties.
|
|
Document the responsibilities:
Separation of duties should be clearly defined, assigned and
documented.
|
Document and clearly communicate who will initiate, submit,
process, authorize, review and/or reconcile each activity
within the unit.
|
|
Review and oversight:
Management should increase the review and oversight function
when it is difficult to sufficiently separate duties.
|
Assess the potential for mistakes or fraudulent
transactions. If the separation of duties is not sufficient
to eliminate or adequately reduce the risk of discovering
errors, the level of review of management should be
increased over the particular activity.
|
References:
|
