Prevent Fraud by Segregating Financial Duties
Segregation of duties is a fraud-prevention strategy that assigns various steps in a financial transaction to different people in the organization. For example, organizations that want to discourage fraud segregate the following three duties for cash transactions:
Custody of assets: Person A has physical custody of (access to) the assets. For cash, Person A has the checkbook. For equipment, Person A has the keys to the equipment room.
Authority over assets: Person B has authority to move assets — to sign checks or sign out equipment for company use.
Responsibility to record transactions: Person C makes the accounting entries for cash, debiting cash for deposits and crediting cash when Person A writes checks and Person B signs them.
If any one person has two or more of these duties, transactions are more vulnerable to fraud. If the person is in charge of all three duties, she can write a check, sign it, and record the transaction without anyone else in the organization knowing about it. The fraud may continue for years before it's detected.
For example, a city in the Midwest didn't segregate duties for cash transactions. As a result, its controller was able steal tens of millions of dollars over a 12-year period before getting caught.
The controller was able to:
Open an account with a fictitious company name and an address of the controller's choosing. (Segregation of duties couldn't have prevented this.)
Write and sign checks from the city's accounts payable to this fictitious company.
Post accounting entries to the city's accounting records, which implied that the payments were for legitimate products or services.
If the duties of writing and signing the checks had been assigned to different people, Person B may have wondered what the payments were for before signing off on them. If a third person had been in charge of reconciling the bank account, that Person C may have noticed the large number of checks paid to the fictitious company and asked, "Why are we making all these payments? What are we paying for?" That's usually how this fraud is caught.
In this case, the jig was up when the controller went on vacation. Another accountant who took on the duties of the controller noticed the large amount of activity with the fictitious company. By then, however, millions of dollars had been stolen.