Separation of Duties
Separation of duties is the means by which no one person has sole control over the lifespan of a transaction. Ideally, no one person should be able to initiate, record, authorize and reconcile a transaction.
All organizations should separate functional responsibilities. The separation of duties assures that mistakes, intentional or unintentional, cannot be made without being discovered by another person.
Concepts and Best Practices
|Key Concept||Best Practice|
Separation of duties may vary depending on each unit's size and structure
|Duties may be separated by department or by individuals within a department. The level of risk associated with a transaction should come into play when determining the best method for separating duties.|
Separation of duties should be able to be demonstrated to an outside party.
|Documentation of processes and authorization is helpful in demonstrating a system of control that includes separation of duties.|
|Document the responsibilities:
Separation of duties should be clearly defined, assigned and documented.
|Document and clearly communicate who will initiate, submit, process, authorize, review and/or reconcile each activity within the unit.|
|Review and oversight:
Management should increase the review and oversight function when it is difficult to sufficiently separate duties.
|Assess the potential for mistakes or fraudulent transactions. If the separation of duties is not sufficient to eliminate or adequately reduce the risk of discovering errors, the level of review of management should be increased over the particular activity.|