Preventative measures
Segregation of duties
No single person should:
- record transactions and reconcile balances.
- handle cash and verify deposits.
- handle assets and reconcile perpetual records to physical counts.
- enter or approve a check request and have the check returned to themselves.
Segregation of duties is essential to effective internal control. It reduces the risk of both erroneous and inappropriate actions. It is a deterrent to fraud. Key functions that must be adequately separated are described above. When it is extremely difficult to separate these functions, a detailed supervisory review of related activities or transactions is required as a compensating control activity. To ensure proper separation of duties, a person should never approve a transaction for which they are the payee.
Approvals
Approval authority should only be given to individuals with sufficient authority and knowledge to recognize and challenge unusual transactions.
- Control authority to approve with limits on both transaction amount and number of employees granted authority
- Review supporting documentation
- Compliance with University policies and procedures
- Question unusual items
- Determine if budget exists
- Determine if charges to grants are allowable
- No “rubber stamps” or “blind” approvals
- No sharing of passwords
- No splitting of transactions to avoid higher approval levels
To ensure proper separation of duties, a person should never approve a transaction for which they are the payee.
If the reviewer notes any transaction(s) that, after his/her investigation, is not a legitimate department expense, he/she should contact his/her supervisor.
Password security should be adjusted upon an employee’s termination, transfer, or change in responsibilities.