Big4Guy

Segregation of duties has an important bearing on the overall control
environment of an organization. Though I have talked about segregation
of duties recently here and here, the term segregation of duties takes a
whole new meaning in terms of a smaller company. I say this because of
a number of reasons. One major reason is smaller companies generally do
not have as many resources to segregate each and every conflicting
function. Also, the management has a direct role in the day to day affairs of the company.

At one of our smaller clients, many conflicting functions were being
handled by the same person. This I feel is quite normal in many small company set-ups.So whats the solution to addressing segregation of duties in smaller companies. Well, there are compensating controls and alternative control approaches which smaller companies can adopt to address segregation of duties issues. I have listed a few of such
compensating SOD controls below:

1. Periodic review of system reports. These could cover reviewing
details of transactions by managers or supervisors.

2. Conducting periodic physical counts of inventory, assets, equipment etc and matching them with book stock.

3. Reviewing supporting documentation for high risk transactions or
transactions with a likelihood of material mis-statement.

4. Account reconciliations by independent individuals. Reconciliation
of accounts can form an important compensating control for segregation of duty inadequacy.

5. Finally, smaller companies need to build alert mechanisms, flags,
control violation indicators in their business processes to address SOD
issues.

Related Posts

Continuing Material Weaknesses SOX
SOX Application and Data Owners
Multi-Disciplinary Audit Teams for SOX Audit
Application Level Controls