Building Trust and Security: The Role of Segregation of Duties in Fraud Prevention
Have you ever watched a documentary, or a real-life crime show and thought to yourself “Wow, there’s no way that could ever happen to me. How dumb are those people??!” But I’m here to tell you, it happens to many small businesses. Twenty-two percent of small businesses experience employee theft and furthermore, small businesses experience fraud at a rate of 42%.
That’s a lot.
Storytime:
In my early 20’s I worked in a small bank. The kind of place where everyone knew everyone and we were kind of a family. This is the place where everyone was trusted to operate with integrity and act in the best overall interest of the bank.
Until. There’s always and ‘until’… isn’t there?
Until a senior manager was caught stealing hundreds of thousands of dollars. She was able to forge documents, create fake loans, and issue checks, which she used to put money in her pocket. This was a blow to the organization. There was a lot of trust broken, and it sent a lot of people reeling. From then on, a lot of things changed… but it was too late.
So, if you trust your employees, that’s great! If you’re a family… also great. But just know that people get in a bad spot and do something they wouldn’t normally think of. And even good people do bad things.
One of the biggest issues with the fraud that happened at that bank was that this manager was able to create and fund transactions alone. There was very little segregation of duties.
Segregation of duties seems really tricky, but here are some simple steps to break it down for you. Overall the goal is to make sure that no one person can complete a transaction on their own.
So how do you do that?! Look at your processes and apply ARC to figure out how to break up those duties. As your financial processes
Authorization: Authorization means someone who can authorize a transaction such as signing a check, approving payroll, ordering inventory, or releasing wires. If you have given an employee this responsibility, they shouldn’t be allowed to record transactions or have custody of assets.
Record: Recording means someone responsible for recording in the accounting software, issuing invoices, and conducting bank reconciliation. If you have given an employee this responsibility, they shouldn’t be allowed to authorize transactions or have custody of assets.
Custody: Custody means someone has access to or control of assets such as bank accounts. If you have given an employee custody they should not have access to authorize or record transactions.
So let’s give a real-life example here, if you give your employee a corporate card for simple expenses like office supplies, and client lunches. So this employee now has authorization for these transactions. As a result, they should not be recording anything in the accounting system because they could use the credit card for fraud and then cover it up with recorded transactions in the account that hide what the transactions were really for. Additionally, now they have a corporate card, if they had custody of the bank account (meaning they are a signer) they can add additional cards, increase their spending limits, and use those funds fraudulently.
See how these concepts work together? If someone can start, enter, or sign off a transaction all by themselves, then they work with impunity. Which is bad for you.
The truth is we all want to trust people in our business, but if you don’t put in a few checks and balances, your business is exposed. Just like that surprising incident at the small bank, where even trusted folks fell prey to temptation. But fear not! There's a silver lining. We've got a bunch of practical steps to help protect your business against internal threats. Check out our newest guide, Five Keys to Fraud-proofing Your Business.
Want to stay in the loop with more handy tips and tricks for safeguarding your business? Jump on board with us on LinkedIn and Facebook! We're building a community where we dish out invaluable insights and resources to keep your business thriving, no matter what curveballs come your way. Let's team up and make sure your business stays safe and sound in today's ever-changing world
