Preventative measures

Segregation of duties

No single person should:

• record transactions and reconcile balances.
• handle cash and verify deposits.
• handle assets and reconcile perpetual records to physical counts.
• enter or approve a check request and have the check returned to themselves.

Segregation of duties is essential to effective internal control. It reduces the risk of both erroneous and inappropriate actions. It is a deterrent to fraud. Key functions that must be adequately separated are described above. When it is extremely difficult to separate these functions, a detailed supervisory review of related activities or transactions is required as a compensating control activity. To ensure proper separation of duties, a person should never approve a transaction for which they are the payee.

Approvals

Approval authority should only be given to individuals with sufficient authority and knowledge to recognize and challenge unusual transactions.

• Control authority to approve with limits on both transaction amount and number of employees granted authority
• Review supporting documentation
• Compliance with University policies and procedures
• Question unusual items
• Determine if budget exists
• Determine if charges to grants are allowable
• No “rubber stamps” or “blind” approvals
• No sharing of passwords
• No splitting of transactions to avoid higher approval levels

To ensure proper separation of duties, a person should never approve a transaction for which they are the payee.

If the reviewer notes any transaction(s) that, after his/her investigation, is not a legitimate department expense, he/she should contact his/her supervisor.

Password security should be adjusted upon an employee’s termination, transfer, or change in responsibilities.