Lessons learned from violating SOD

Concept of Segregation of Duties (SOD) is defined as “A basic internal control that prevents or detects errors and irregularities by assigning responsibility for initiating and recording transactions and custody of assets to separate individuals”.

What exactly differentiates SOD from mere separation of duties is the concept that processing, approval / authorization and filing or custody or asset, information or transaction should be performed by separate persons. No single person should have access over these functions.

Neglecting SOD may create opportunity for Fraud

SOD is basic, but key internal control, neglecting which may create opportunity for fraud.

Unfortunately, this principle or internal control concept is often ignored in various small and medium size enterprises (SME). SME often lacks funds or technical capabilities to segregate three functions to separate individuals.

What Management Can Learn From SOD

At one of manufacturing client, we were supposed to conduct internal audit and controls evaluation of Sales & Receivables process. One of the key observation was to implement SOD in (1) customer addition (2) order processing and (3) recovery functions.

Any person having access to these functions can softly perpetrate fraud. He is in a super-control position to add fake customer, process order and, hide information when it comes to recovering outstanding debts.

Management was informed to address the situation, which they did initially. After some time, there happens restructuring for the sake of company’s savings and to improve profitability. All three functions were handed over to one person.

Realizing opportunity for fraud, the Sales Assistant created fake account in his name, processed order on credit terms and removed related information in Receivables Ageing report which was reviewed by his superior. The product was sold in market and he left both company and country taking away 1 million.

From cost benefit perspective, organisation tried playing a gamble that proved expensive and costly compared to savings planned by curtailing key staff positions.  

References:

ISACA Glossary Terms; http://www.isaca.org/Knowledge-Center/Lists/ISACA%20Glossary%20Terms/DispForm.aspx?ID=1700)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s