Uploaded by Iyeniyi Banjo

Internal Control Manual SoD 1680230821

ICM – SALIH AHMED ISLAM
INTERNAL CONTROL MANUAL
A. Segregation of Duties
The purpose of this Internal Control Manual is to provide guidance on implementing and
maintaining effective segregation of duties within an organization. Segregation of Duties (SoD) is
a key internal control that helps to prevent errors, fraud, and mismanagement of an
organization's resources. It involves dividing critical tasks among different individuals or
departments to ensure that no single person has the ability to perform actions that could lead to
unauthorized transactions or manipulation of financial records.
1. Principles of Segregation of Duties
There are four primary principles that form the foundation of SoD:
a. Authorization: The process of approving transactions, activities, or decisions.
b. Custody: The process of holding, managing, and safeguarding assets.
c. Recording: The process of maintaining accurate and timely financial and operational records.
d. Reconciliation: The process of reviewing and comparing records to ensure accuracy and
completeness.
Organizations can minimize the risk of fraud and errors by ensuring that no single individual has
the ability to initiate, approve, and record transactions without oversight.
2. Implementing Segregation of Duties
To implement effective SoD, organizations should:
a. Identify critical tasks and processes that require segregation, such as cash handling,
purchasing, payroll, and financial reporting.
b. Analyze the current division of responsibilities among employees and departments.
c. Establish clear roles and responsibilities for each employee and department.
d. Assign duties to different individuals or departments to minimize the potential for
unauthorized activities or manipulation of records.
e. Regularly review and update the assignment of duties to ensure ongoing effectiveness.
3. Monitoring and Compliance
To ensure the effectiveness of SoD, organizations should:
a. Implement a system for monitoring compliance with SoD policies and procedures.
b. Conduct regular audits and reviews to identify potential weaknesses or areas for improvement.
c. Train employees on the importance of SoD and their specific roles and responsibilities.
d. Maintain a clear and up-to-date organizational chart that outlines the division of
responsibilities.
e. Establish a process for reporting and investigating potential violations of SoD policies.
4. Overcoming Challenges
Small organizations or those with limited resources may face challenges in implementing
effective SoD. In these cases, organizations should:
a. Use technology to automate processes and establish controls that minimize the risk of
unauthorized transactions.
b. Implement compensating controls, such as regular management reviews, to provide additional
oversight where full segregation of duties is not possible.
c. Engage external auditors or consultants to provide independent review and oversight of
critical processes.
5. Developing a Segregation of Duties Matrix
To better visualize and manage the division of duties, organizations should create a Segregation
of Duties Matrix. This matrix should:
a. List all critical tasks and processes that require segregation, organized by functional area (e.g.,
finance, human resources, procurement, sales, etc.).
b. Identify the roles and responsibilities associated with each task, including authorization,
custody, recording, and reconciliation.
c. Assign specific employees or departments to each role, ensuring that no single individual
holds multiple conflicting responsibilities.
d. Include cross-functional dependencies and interactions to highlight potential risks or areas of
overlap.
e. Be reviewed and updated regularly to reflect changes in organizational structure, staffing, or
processes.
6. Managing Segregation of Duties in a Digital Environment
As organizations increasingly rely on technology and digital systems, it is important to adapt
SoD principles to these environments. To ensure effective SoD in a digital context, organizations
should:
a. Implement access controls that restrict employees' ability to perform conflicting tasks within
digital systems (e.g., an employee responsible for authorizing purchases should not have access
to modify vendor records).
b. Use system logs and audit trails to monitor employee activities and identify potential breaches
of SoD policies.
c. Implement multi-factor authentication and other security measures to protect against
unauthorized access and manipulation of digital records.
d. Regularly review and update access permissions to ensure that employees have the
appropriate level of access based on their roles and responsibilities.
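An added example (not part of the original manual) of how items 6(a), 6(b) and 6(d) can be checked automatically: one function reviews access grants for conflicting duties, the other scans an audit trail for a single user performing both sides of a conflict on the same record. The permission names, user names and record IDs are hypothetical; the conflict pairs follow the duties this manual says to separate.

```python
from collections import defaultdict

# Conflicting duty pairs drawn from the manual's examples. The permission
# names are hypothetical labels, not identifiers from any real system.
CONFLICTS = [
    ("purchase.authorize", "vendor.modify"),   # section 6(a)
    ("vendor.modify", "vendor.pay"),           # vendor setup vs. payment
    ("invoice.enter", "payment.authorize"),    # data entry vs. authorization
    ("journal.prepare", "journal.approve"),    # preparation vs. approval
]


def access_conflicts(grants):
    """Return (user, perm_a, perm_b) for every user holding both sides of a pair."""
    findings = []
    for user, perms in sorted(grants.items()):
        for a, b in CONFLICTS:
            if a in perms and b in perms:
                findings.append((user, a, b))
    return findings


def log_conflicts(events):
    """Return (record, user, perm_a, perm_b) where one user performed both
    conflicting actions on the same record, according to the audit trail."""
    done = defaultdict(set)  # (record, user) -> actions performed
    for e in events:
        done[(e["record"], e["user"])].add(e["action"])
    findings = []
    for (record, user), actions in sorted(done.items()):
        for a, b in CONFLICTS:
            if a in actions and b in actions:
                findings.append((record, user, a, b))
    return findings


# Constructed sample data (not from the manual).
GRANTS = {
    "alice": {"purchase.authorize", "journal.approve"},
    "bob": {"vendor.modify", "vendor.pay"},          # conflict
    "carol": {"journal.prepare", "invoice.enter"},
}
AUDIT_LOG = [
    {"user": "carol", "action": "journal.prepare", "record": "JE-1001"},
    {"user": "alice", "action": "journal.approve", "record": "JE-1001"},
    {"user": "dave", "action": "journal.prepare", "record": "JE-1002"},
    {"user": "dave", "action": "journal.approve", "record": "JE-1002"},  # conflict
    {"user": "dave", "action": "journal.prepare", "record": "JE-1003"},
    {"user": "alice", "action": "journal.approve", "record": "JE-1003"},
]

if __name__ == "__main__":
    for f in access_conflicts(GRANTS):
        print("access conflict:", f)
    for f in log_conflicts(AUDIT_LOG):
        print("audit-trail conflict:", f)
```

In the sample data, "dave" does not appear in the reviewed grants at all, so only the audit-trail check surfaces his self-approved journal entry; this is why the manual pairs access reviews with log monitoring.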
7. Mitigating Risks Associated with Segregation of Duties
Despite the implementation of effective SoD, organizations may still face residual risks due to
unforeseen circumstances or human error. To mitigate these risks, organizations should:
a. Establish a strong internal control environment that includes policies, procedures, and training
programs that support and reinforce the importance of SoD.
b. Implement a robust system of checks and balances, including periodic reconciliations and
independent reviews, to identify and address potential discrepancies or violations of SoD
policies.
c. Encourage a culture of transparency and accountability, where employees feel empowered to
report potential issues or concerns without fear of retaliation.
d. Develop a contingency plan for situations where temporary exceptions to SoD policies may be
necessary (e.g., due to employee absences or emergencies).
8. Continuous Improvement and Evolution
As organizations grow and evolve, their SoD needs will also change. To ensure the ongoing
effectiveness of SoD policies and procedures, organizations should:
a. Regularly assess the adequacy and effectiveness of their SoD controls through internal audits,
self-assessments, and external reviews.
b. Identify and implement best practices and industry standards to enhance their SoD policies
and procedures.
c. Continuously adapt their SoD framework to align with changes in organizational structure,
processes, and technology.
d. Leverage data analytics and other tools to identify trends, patterns, and areas of potential risk
or improvement related to SoD.
B. Segregation of Duties in the Finance Department
Proper implementation of Segregation of Duties (SoD) within the department can help minimize
the risk of fraud, errors, and mismanagement. The following outlines the key tasks and processes
within the Finance Department that should be segregated to maintain effective internal controls.
Accounts Payable
a. Invoice Processing
Review and approval of invoices: This duty should be assigned to an employee who verifies the
accuracy and validity of invoices before they are paid.
Invoice data entry: A different employee should be responsible for entering the invoice data into
the accounting system.
Payment authorization: A third employee should be responsible for authorizing payments after
verifying the legitimacy of the invoices and the accuracy of the data entry.
b. Vendor Management
Vendor setup and maintenance: One employee should be responsible for setting up and
maintaining vendor accounts in the accounting system.
Vendor payment processing: A different employee should be responsible for processing
payments to vendors, ensuring that no one person has control over both vendor accounts and
payments.
Accounts Receivable
a. Billing
Sales order processing: The responsibility of processing sales orders should be assigned to one
employee.
Invoice generation: A different employee should be responsible for generating and sending
invoices to customers.
b. Cash Receipts and Deposits
Cash receipt recording: One employee should be responsible for recording cash receipts in the
accounting system.
Bank deposit preparation: A separate employee should be responsible for preparing and
depositing cash receipts into the organization's bank account.
Payroll
a. Employee Data Maintenance
Employee data entry: One employee should be responsible for entering and updating employee
information in the payroll system.
Pay rate and deduction approvals: A different employee, such as a manager or supervisor, should
be responsible for approving pay rates, salary changes, and deductions.
b. Payroll Processing
Payroll calculation and processing: One employee should be responsible for calculating and
processing payroll payments.
Payroll review and authorization: A separate employee, typically a manager or supervisor, should
be responsible for reviewing and authorizing payroll payments before they are disbursed.
Financial Reporting
a. Record Keeping
Journal entry preparation: One employee should be responsible for preparing journal entries for
financial transactions.
Journal entry approval: A different employee should be responsible for reviewing and approving
journal entries before they are posted to the general ledger.
b. Financial Statement Preparation
Financial statement preparation: One employee should be responsible for preparing financial
statements.
Financial statement review and approval: A separate employee, usually a higher-level manager or
executive, should be responsible for reviewing and approving the financial statements before
they are distributed or published.
Asset Management
a. Asset Recording
Asset data entry: One employee should be responsible for entering and updating asset
information in the organization's asset management system.
Asset verification and approval: A different employee should be responsible for verifying the
accuracy of asset data and approving any changes.
b. Asset Reconciliation
Physical asset verification: One employee should be responsible for periodically verifying the
existence and condition of physical assets.
Asset reconciliation: A separate employee should be responsible for reconciling physical asset
counts with the asset management system.
C. Segregation of Duties in the HR Department
Implementing effective Segregation of Duties (SoD) within the HR Department can help
minimize the risk of errors, fraud, and mismanagement. The following outlines the key tasks and
processes within the HR Department that should be segregated to maintain effective internal
controls.
Recruitment and Selection
a. Job Posting
Job description creation: One employee should be responsible for creating and reviewing job
descriptions before posting.
Job advertisement: A different employee should be responsible for posting job advertisements
on various platforms to ensure a fair and transparent recruitment process.
b. Applicant Screening
Initial screening: One employee should be responsible for screening applications and selecting
potential candidates for interviews.
Interview scheduling: A separate employee should be responsible for scheduling interviews with
selected candidates.
c. Candidate Selection
Interviewing: Ideally, a panel of interviewers should be used to minimize bias in the selection
process.
Hiring decision: The final hiring decision should be made collectively by the panel or approved
by a higher-level manager to ensure a fair and unbiased selection process.
Employee Onboarding
a. New Hire Documentation
Document collection: One employee should be responsible for collecting and verifying required
documentation from new hires, such as proof of eligibility to work and tax forms.
Employee file creation: A separate employee should be responsible for creating and maintaining
employee files, ensuring that all required documentation is properly filed.
b. Orientation and Training
Orientation scheduling: One employee should be responsible for scheduling and coordinating
new hire orientation sessions.
Training assignment: A different employee should be responsible for assigning and tracking
required training for new hires.
Compensation and Benefits
a. Payroll Data Maintenance
Payroll data entry: One employee should be responsible for entering and updating payroll-related data, such as salary changes and deductions, in the payroll system.
Payroll data approval: A separate employee, such as a manager or supervisor, should be
responsible for approving any changes to payroll data before they are processed.
b. Benefits Administration
Benefits enrollment: One employee should be responsible for enrolling employees in benefit
plans and maintaining accurate records of employee benefit selections.
Benefits invoice review and approval: A different employee should be responsible for reviewing
and approving invoices from benefit providers, ensuring that charges align with employee
selections and contract terms.
Performance Management
a. Performance Appraisal
Performance review completion: Supervisors or managers should be responsible for completing
employee performance reviews.
Performance review approval: A higher-level manager or HR representative should be
responsible for reviewing and approving performance appraisals to ensure fairness and
consistency.
b. Employee Development
Development plan creation: Supervisors or managers should work with employees to create
individual development plans.
Development plan approval and tracking: An HR representative should be responsible for
approving development plans and tracking employee progress.
Employee Relations
a. Employee Grievance Handling
Initial grievance intake: One HR representative should be responsible for receiving and
documenting employee grievances.
Grievance investigation: A different HR representative or a designated investigator should be
responsible for conducting impartial investigations into employee grievances.
b. Disciplinary Action
Disciplinary recommendation: Supervisors or managers should be responsible for recommending
disciplinary actions based on documented performance or conduct issues.
Disciplinary action approval: A higher-level manager or HR representative should be responsible
for reviewing and approving disciplinary actions to ensure fairness and consistency.
D. Segregation of Duties in the Purchasing Department
The Purchasing Department is responsible for acquiring goods and services to support an
organization's operations. Implementing effective Segregation of Duties (SoD) within the
Purchasing Department can help minimize the risk of errors, fraud, and mismanagement. The
following outlines the key tasks and processes within the Purchasing Department that should be
segregated to maintain effective internal controls.
Supplier Selection and Management
a. Supplier Evaluation
Supplier identification: One employee should be responsible for researching and identifying
potential suppliers based on the organization's needs and requirements.
Supplier evaluation: A different employee should be responsible for assessing potential suppliers
based on factors such as quality, price, reliability, and compliance with industry standards.
b. Supplier Contract Negotiation
Contract negotiation: One employee should be responsible for negotiating contracts with
suppliers, including pricing, terms, and conditions.
Contract approval: A separate employee, usually a higher-level manager or executive, should be
responsible for reviewing and approving supplier contracts before they are signed.
c. Supplier Performance Monitoring
Performance tracking: One employee should be responsible for tracking supplier performance
against contract terms and agreed-upon performance indicators.
Supplier review and feedback: A different employee should be responsible for conducting
periodic reviews of supplier performance and providing feedback to suppliers for continuous
improvement.
Purchase Requisition and Order Processing
a. Purchase Requisition Creation
Requisition creation: Employees from various departments should be responsible for creating
purchase requisitions based on their department's needs.
Requisition approval: A designated approver, such as a manager or supervisor, should be
responsible for reviewing and approving purchase requisitions before they are processed.
b. Purchase Order Creation and Issuance
Purchase order preparation: One employee in the Purchasing Department should be responsible
for preparing purchase orders based on approved requisitions.
Purchase order authorization: A separate employee, typically a higher-level manager or
executive, should be responsible for reviewing and authorizing purchase orders before they are
issued to suppliers.
Receiving and Inspection
a. Goods Receiving
Receipt of goods: One employee should be responsible for receiving goods at the organization's
facility and verifying the accuracy and condition of the delivery.
Receiving documentation: A different employee should be responsible for creating and
maintaining receiving documentation, such as packing slips and delivery receipts.
b. Goods Inspection and Acceptance
Inspection: One employee should be responsible for inspecting the received goods for quality,
quantity, and compliance with the purchase order specifications.
Goods acceptance: A separate employee should be responsible for reviewing the inspection
results and accepting or rejecting the goods based on the inspection findings.
Invoice Processing and Payment
a. Invoice Verification
Invoice review: One employee should be responsible for reviewing supplier invoices for accuracy
and completeness, comparing them to the purchase order and receiving documentation.
Invoice approval: A different employee should be responsible for approving invoices for payment
after verifying their accuracy and completeness.
b. Payment Processing
Payment preparation: One employee should be responsible for preparing payments to suppliers
based on approved invoices.
Payment authorization: A separate employee should be responsible for authorizing payments to
suppliers, ensuring that only valid and approved invoices are paid.