Group items tagged

A fundamental element of internal control is the segregation of certain key duties (SOD). The underlying idea is that no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. The principal duties typically outlined as incompatible and should be segregated are: Custody of assets. Authorization or approval of related transactions affecting those assets. Recording or reporting of related transactions. Traditional internal control relies on assigning certain responsibilities to different individuals or segregating incompatible functions. This is to prevent one person from having both access to assets and responsibility for maintaining the accountability of those assets. It is imperative that organizations take a fresh look at their SOD assignments and measure and prioritize risk areas that are impacted. With ever changing technological advances and businesses reliance on Information technology, the inability to maintain proper and efficient SOD can hamper an organizations ability to deliver service efficiently. Several prominent documents highlight the principles of SOD requirements including: PCAOB AS5; AICPA Auditing Standard 99; SEC Guidance on Management requirements of internal control over financial reporting and Association of Certified Fraud Examiners Uniform Fraud Classification System. This has resulted in some overly complex systems of internal control that become difficult to maintain and result in reduced focus on higher risk areas.