Division of Financial Services
University Controller
The basic transaction stages include recording (initiate, submit, process), approving (pre-approval and post-entry review), custody, and reconciling. No one person should initiate, authorize, record, and reconcile a transaction.
All organizations should separate incompatible functional responsibilities. Proper segregation of duties helps ensure that errors, omissions, or misstatements, whether intentional or unintentional, will be detected by another person. Where segregation of duties is not possible or practical, deploy alternative controls.
Segregation of duties may vary depending on a unit's size and structure.
Control Example: Duties may be segregated by department or by individuals within a department. Consider the level of risk associated with a transaction when determining the best way to segregate duties.
It should be possible to demonstrate segregation of duties to an outside party.
Control Example: Procedures and authorizations are documented to prove that a system of control includes segregation of duties.
Segregation of duties should be clearly defined, assigned, and documented.
Control Example: Document and clearly communicate who will initiate, submit, process, authorize, review, and reconcile each activity within the unit.
When it is difficult to sufficiently segregate duties, unit management should increase review and oversight functions.
Control Example: Assess the potential for mistakes or fraudulent transactions. If the segregation of duties is not sufficient to eliminate or adequately reduce the risk of discovering errors, the level of management’s review should be increased over that particular activity.
Unit management should rotate key internal control responsibilities to enhance segregation of duties and identify potential lapses.
Control Example: Rotating key job duties, such as responsibility for reconciling bank accounts or approving transactions, offers the opportunity to determine whether a control is functioning as intended, and it is an opportunity to cross-train others to perform those functions.
