In my opinion, the concept of segregation of duties is by far the most significant and important internal control. I cannot think of a single example where this control cannot be implemented in some manner. -
Embezzlement and Breakdown of Segregation of Duties
Go ahead and do the Google for: Bookkeeper charged with embezzlement
I will bet that in at least 90% of the cases, there was a spectacular breakdown in the area of segregation of duties. One person handled all aspects of the transaction. The most critical split you need to establish is the distinction and separation between accounting for a transaction or activity, and being responsible for the actual cash (that includes bank accounts and access to deposits and check disbursements.)
Improving Internal Control with Remote Accounting Staff
Remote accounting staff can actually improve the internal control environment by creating both operational segregation of duties and physical segregation from the company assets. Of course, you need to structure the workflow and access accounting documents properly, but that independent extra set of eyes and good procedures can often also result in catching more basic errors and omissions. Remote workers are forced to access the PDF and Excel documents and actually look at them, as opposed to a pile of paper on the desk the accountant can “turbo-tic” and file away without actually paying any attention to them.
Challenges in Smaller Organizations
Unless one thinks like an internal control freak, people seem to have a mental block with the basic concept, especially in smaller organizations where there are a limited number of people available. Nonprofit and volunteer organizations are especially prone to violating the segregation of duties principles. But in almost every case, that does not have to be acceptable.
Addressing Segregation of Duties in Small Organizations
In the smallest of organizations, there is a treasurer/bookkeeper who maintains all the financial records. In some cases, that person has been in the position for some time and is considered completely honest, above reproach, a devoutly religious person, etc., etc. In a situation such as this, at the very least, there should be a President, Executive Director, or some other administrative leader, and what needs to happen is that all bank statements need to be sent directly to that person. Changing the address for the bank statements is an easy procedure. Even better is to sign up for electronic banking and ensure that the Bookkeeper/Treasurer shares the logon and password with the leader. Another reason I like this arrangement is that with every new leader, the password should be changed.
Dealing with Paper Statements and Trust Issues
There is still a significant percentage of the population that does not understand or trust internet access to financial accounts and banking. Fine. Have the paper monthly statements sent.
The Importance of Reviewing Bank Statements
Now here is one place where this process fails. That is when the leader receives the bank statements and fails to OPEN AND READ them, before passing them on to the Bookkeeper/Treasurer. Come on, people. This has nothing at all to do with not trusting the Bookkeeper/Treasurer. It is all about protecting that person from being falsely suspected or accused of impropriety. This will not eliminate the opportunities for fraud, but it will go a long way. Many if not most banks, I think, will include an image of the checks cashed each month. The leader needs to simply scan through the images, making sure they appear reasonable. Ask for clarification if you are not sure.
Some of the ways that fraud could still occur are a fictitious vendor, hidden bank accounts, or skimming cash. Cash skimming in small organizations is easy. After a fundraiser, the organizer hands the Bookkeeper/Treasurer a bucket of cash and says, “Deposit this.” Usually, there is no counting or accounting for the funds. All the bookkeeper needs to do is skim off some of the cash and deposit the rest. They will never get caught. A simple count of the cash, given to the leader and the bookkeeper, will help prevent this from occurring. Again, this is to protect the bookkeeper from being falsely accused or suspected.
Here is a common situation that often prevents controls from being implemented. You have a long-term bookkeeper and nobody has ever had the nerve or guts or inclination to approach the person and suggest that someone else be involved in the financial affairs.
This is a very real issue and problem. The bookkeeper and many of the financially inexperienced members will be highly insulted and offended at any suggestion to improve controls. My recommendation is good cop, bad cop. Find an outside “bad cop” to make a formal and strong recommendation for improving the segregation of duties controls. Pick an insurance agent, a banker, a new member, or someone who does not have a long personal history with the bookkeeper, and have them make the recommendation. Have an internal good cop recognize and champion the effort to protect the bookkeeper from inappropriate suspicion. It might not work, but at least you can try.
>> Ready to start hiring? Fill out the form and one of Vintti's account executives will contact you within 24 hours.
Benson Dana
Retired CPA and author of "Tales From The Trenches: A CPA Internal Auditor's Stories of Fraud, Internal Controls, Auditing, and Embezzlement".
