Special thanks to Charles Hall, CPA for allowing Yellowbook-CPE.com to republish this valuable article. Understand Segregation of Duties and How to Create It was originally published on CPA Hall Talk, January 18, 2025.
Understand Segregation of Duties and How to Create It
What is segregation of duties and how can you achieve it? In this post, I answer these two questions. I’ve seen business owners, nonprofits, and governments lose millions because they did not understand the risk of not having sufficient segregation of duties. For instance, $53 million was stolen by Rita Crundwell because the City of Dixon did not have this safeguard. So, you can stop reading now, but you would be wise to continue.
What is segregation of duties?
It’s the performance of different accounting processes by different people.
Why is this important?
It makes it more challenging for someone to steal. When more eyes 👀 are on the accounting processes, it’s more likely theft will be seen (if it occurs). And most potential fraudsters don’t want to go to jail, so fraud decreases.
One-person accounting system
Suppose there is only one person in accounting (we’ll call him Bob). Bob performs all duties, including the following for accounts payable:
- receiving vendor invoices
- signing checks (or making electronic payments)
- entering transactions in the general ledger
- reconciling the bank statements
- adding new vendors to the account payable module
Bob is the poster child of a lack of segregation of duties. To make matters worse, no one is reviewing his work, and he is not providing any reports to anyone (such as the owners).
Can Bob steal without detection? Absolutely.
Lessening theft with segregation of duties
Add more people (more eyes 👀) to accounting.
For example, Bob could enter invoices and tee up payments, but Sally approves them (e.g., signs the checks or pulls the trigger on the electronic payments). Sally’s approval involves her review of each invoice for appropriateness. In this setup, Sally has no rights to enter invoices, no rights to the general ledger, other than viewing. And the computer will not process payments without Sally’s approval. In other words, it takes Bob and Sally to make a payment.
We now have the following segregation:
- Bookkeeping — Bob
- Approval – Sally
So, by adding one person to the accounts payable process, we have lowered the theft potential. We’ve created some segregation of duties. It may not be perfect, but the threat of theft is less.
Can’t afford to hire Sally
If this is a small business, the owner may not have the money to hire Sally.
What can be done?
Have the owner review documents such as:
- Bank reconciliations (and the cleared checks showing who was paid)
- Monthly budget to actual reports showing the budgeted revenues and expenses and actual amounts
- General ledger (the owner can scan the general ledger detail for appropriateness)
What have we done? We’ve added more eyes 👀 to the process. Why? We need this safeguard due to the lack of segregation of duties.
Accounting processes
Accounting processes include:
It is desirable to segregate each of these accounting processes for each accounting area such as:
- Billing and collections
- Accounts payable and expenses
- Payroll
- Plant, property, and equipment
- Inventory
Reviews as an internal control
If segregation of duties is not possible, include a review process of some type such that a potential fraudster will know another person will see what they do. Reviews can be performed by (these are just examples):
- an owner
- an outside CPA (maybe once or twice a year, for example)
- the owner’s spouse
- the controller of another entity that the owner controls
Of course, you can also require an audit of the entity (more eyes 👀 ) at year-end.
So, should auditors report a lack of segregation of duties to the business owners and board members?
Auditor reporting
Auditors should report a lack of segregation of duties to the owners and board members. This communication will normally be in writing, especially if the control weakness is in an area where material theft can occur.
Should the auditor communicate the lack of segregation of duties if he or she knows the owners and board members are already aware of the internal control weakness (say, you’ve communicated this in previous years)?
Yes.
Summary
More eyes on the accounting processes will lower the risk of theft. Do what you can now to create proper segregation of duties and prevent financial losses.
Looking for high-quality and convenient CPE?
Yellowbook-CPE.com has you covered! Our upcoming live webinars are a great choice if you want the learning to come to you. Just log on at the scheduled time and enjoy wherever you are! Here are a few of our upcoming courses:
- Feb 27: Microsoft 365 Deep Dive for Government Auditors (4 CPE hours)
- Mar 3: The Art of the Audit Interview (2 CPE hours)
- Mar 4: Enterprise Risk Management 101 (2 CPE hours)
- Mar 6: Internal Controls: What They Are, What They Aren’t & How to Plug the Holes (2 CPE hours)
Need to do things at your own speed, but still get all your credits? Plan your CPE around your life, not the other way around! Yellowbook-CPE.com has dozens of self-study courses, including the Audit Reporting Bundle. Are your audit reports sexy? Do they comply with standards? Can you confidently identify the root cause of any reportable condition? Complete these two courses – one video and one self-study – to make sure that the only product your audit client is likely to see is readable and interesting.
Yellowbook-CPE.com is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: