As a not-for-profit organization, ensuring that safeguards are in place to lower the risk of fraud or material misstatement is extremely important so your organization can continue to operate and carry on its mission. One way to do that is to ensure that the various accounting duties within the organization are adequately segregated.
What is segregation of duties? Segregation of duties is an internal control process meant to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of a task including; custody, record keeping, reconciliation, and authorization.
- Custody: having access to or control over any physical asset such as cash, checks, or supplies.
- Record Keeping: the process of creating and maintaining accounting records These can be manual records or records maintained in computer systems.
- Reconciliation: verifying the processing or recording of transactions to ensure that all transactions are valid, properly authorized, and properly recorded on a timely basis. Including following up on any differences or discrepancies found.
Authorization: the process of reviewing and approving transactions or operations.
Due to the size of many not-for-profits, a proper segregation of duties can be challenging to adequately identify and implement. Frequently organizations do not think it is possible to adequately segregate their internal controls, but even with a staff of two or three it is possible to have strong controls in place to help mitigate the chance for errors or fraud. Below are some common segregation of duties issues and ways to help strengthen the controls around them.
Cash Disbursement Process
Common audit finding: One individual is responsible for receiving an invoice (custody), approving invoices (authorization), and recording the payable in the general ledger (record keeping). If the organization had the capability to have three different individuals perform each task, that would be the ideal situation. However, even with a staff of two the organization would still be able to provide some separation of duties. With a staff of two it would be important to keep the authorization separate from the record keeping. In addition, for another layer of security the organization could have the board of directors review the invoices periodically.
Cash Receipt Process
Common audit finding: One individual is responsible for preparing the deposit slip (custody), taking the deposit slip to the bank (custody), and recording the receipt in the general ledger (record keeping). In this scenario, it would be advised that the individual that brings the deposit to the bank does not have access to the general ledger. Another control that can be added in the cash receipt process is having two individuals open the mail and document the funds received. That listing would then be used to compare to the amount deposited.
Financial Close Process
Common audit finding: The individual recording all of the activity in the general ledger is the same individual that prepares the bank reconciliation. It is always best to segregate those responsibilities, but if that is not possible, we recommend having another individual review the reconciliation.
These are just a few common audit findings we see as auditors, if you have any questions regarding segregation of duties or would like to know how you could strengthen your controls, please contact your Hawkins Ash representative.