...Segregation of Duties One element of IT audit is to audit the IT function. While there are many important aspects of the IT function that need to be addressed in an audit or risk assessment, the fundamental element of internal control is the segregation of certain key duties, especially as it relates to risk. The basic idea underlying segregation of duties (SOD) is that no single employee should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. Similar to traditional SOD in accounting functions, SOD in IT plays a major role in reducing certain risk, and does so in a similar fashion as well. Duties that should be segregated include: 1. Custody of the assets 2. Authorization 3. Recording transactions If adequate segregation of duties does not exist, the following could occur: 1. Misappropriation of assets 2. Misstated financial statements 3. Inaccurate financial documentation (i.e. errors or irregularities) 4. Improper use of funds or modification of data could go undetected 5. Unauthorized or erroneous changes or modification of data and programs may not be detected As the figure 1 shows, there are some of the key roles and functions that need to be segregated. 1. IT Duties vs. User Departments The most basic segregation is the segregation of the duties of the IT function from user departments. Generally speaking, this means the user department does not perform its own IT duties. While a department provides...
Words: 2548 - Pages: 11
...Segregation of Duties Introduction An important function of the accounting field is to provide external users of financial statements with assurance that the financial information being presented is both reliable and accurate. This basic function of accounting is so important that there is an entire field of experts, called auditors, dedicated to assuring its proper performance. Throughout history there have been many instances in which the basic equilibrium between an institution and current/potential investor has been threatened due to a lack of accountability and trust between the two parties. This issue has been the catalyst for many discussions regarding the proper procedures a firm should follow in order to provide consumers with a certain level of comfort in the validity of the firm’s financials. A byproduct of the years of lengthy debate has been an increased focus on the internal controls of public and private companies. Defined as the “methods put in place by a company to ensure the integrity of financial and accounting information…,” internal controls has proven to be both a lengthy and controversial topic within the accounting sector. The complexity of internal control requirements has been a topic of broad interest, and the subject of intense conversation for both accountants and business owners because of the increased time and money that is required. One of the major components of internal controls is a concept known as Segregations of Duties...
Words: 2844 - Pages: 12
...Controls Checklist for Evaluating Internal Controls Table of Contents Budgets and Planning 1. Segregation of Duties 2. Procedural Controls Cash 1. Segregation of Duties 2. Procedural Controls Revenues and Receivables 1. Segregation of Duties 2. Procedural Controls 3. Billing and Remittance Verification Capital Assets 1. Segregation of Duties 2. Procedural Controls Procurement and Payables 1. Segregation of Duties 2. Procedural Controls Payroll 1. Segregation of Duties 2. Procedural Controls Electronic Data Processing 1. Segregation of Duties 2. Procedural Controls Financial Reporting 1. Segregation of Duties 2. Procedural Controls Checklist for Evaluating Internal Controls Overview Organizations, whether for profit or non-profit, assess the effectiveness of internal controls. The most efficient way to gather information and evidence about the internal controls of an entity is to conduct an interview with the managers using a checklist form of internal control questionnaire (Louwers, 2007). The preparer of the checklist should include questions about each significant assertion in order to obtain evidence about the control environment. Answers to the internal control questionnaire are in the form of yes or no; no usually indicates some weakness or control deficiency. Policies and Procedures A. Segregation of Duties Yes/No Comments 1. Does your organization have an organizational chart that defines lines of...
Words: 454 - Pages: 2
...Management, Planning and Organization of IS ISACA PROFESSIONAL RESOURCES SEGREGATION OF DUTIES WITHIN INFORMATION SYSTEMS This is an excerpt from the CISA Review Manual 2005 Chapter 2 - Management, Planning and Organization of IS CISA Review Manual 2005 - Pages 88-91 The entire publication and other exam study material can be purchased through the ISACA bookstore at www.isaca.org/cisabooks. CISA® REVIEW MANUAL SEGREGATION OF DUTIES DISCLAIMER ISACA has produced this publication as an educational resource to assist individuals preparing to take the CISA Certification Exam. It was produced independently from the CISA Certification Board, which has no input into or responsibility for its content. ISACA makes no claim that the Segregation of Duties Control Matrix is an industry standard. The material is solely intended as a general guideline to assist in identifying potential conflicts. Functions, designations, nature of business processes, technology deployed and risks may vary from one organization to another. In determining the proper controls, the IS auditing professional should apply his or her own professional judgment to the specific circumstances presented within an enterprise or information technology environment. CISA Review Manual 2005 1 Chapter 2 SEGREGATION OF DUTIES WITHIN IS Actual job titles and organizational structures may vary greatly from one organization to another, depending on the size and nature of the business. However, it is important...
Words: 1893 - Pages: 8
...and duty between shareholder and management. Delima Enterprise Sdn. Bhd. was a large company due to these reasons; the company had been awarded with several engineering projects and its cumulative revenue for 2004 and 2005 were nearly RM 1 million and RM 1.7 million respectively. By referring that reasons, we can say that it was a large company. As a large company, the shareholders are separated from Board of Director and management. However, in this case, there is no separation or segregations of rights and duties between shareholder and management. Segregation of right and duties means assign two or more competent and qualified individuals in a way that provides reasonable assurance comply with the standards. It means, at any time , no one person should be in position of doing the primary functions of authorizing, recording and taking care the custody of assets. Besides, shareholders and director have two completely different roles in company. Shareholders are owner of the company while director manage the company. From what we can see in this case, Encik Zayed is the shareholder of Delima Enterprise Sdn. Bhd., in the same time he act as Managing Director. Meanwhile Puan Hashimah is the shareholder of Delima Enterprise, in the same time she act as Chief Operating Officer. Before the company hire Cik Amy as Finance Executive, Puan Hashimah was responsible for all finance related matters. There is clearly stated that they do not have segregation of rights and duties between...
Words: 668 - Pages: 3
...Internal Controls Internal controls are those measures implemented by organizations for purposes of protection of resources against threats such as fraud, inefficiency, and waste. In addition, its purpose is evaluation of performance in all units; ensuring policy compliance and preparation of accurate and reliable accounting data. Internal control operates under five components and six principles; the five components namely; control environment, information and communication, control activities, and risk assessment. The six principles of control activities are; establishment of responsibility, segregation of duties, documentation procedures, physical controls, independent internal verification and human resource control (Kimmel, pg. 338, Straus 2008). The adequacy and effectiveness of any organization’s internal control is examined by the internal audit office. Its success is strengthened by reviews and recommendations from the internal auditing. The internal control requirements for the LJB Company to adhere before it goes publics will be addressed and it must be in accordance with Sarbanes-Oxley Act of 2002 (SOX.) All publicly traded corporations are required to preserve a satisfactory internal control system. Corporate presidents and administrators must ensure these controls are dependable and efficient. LJB Company needs to establish adequate internal control principles, whether it goes public or not (Kimmel, pg. 337, Straus 2008). The interest of LJB to go...
Words: 1361 - Pages: 6
...fiduciary duties in the business itself. The definition of fiduciary duty is a legal obligation of one party to act in the best interest of another. The obligated party is typically a fiduciary that is someone entrusted with the care of money and property.. In this case, there are abuses of power by management and breach of fiduciary on the part of directors. A fiduciary obligation exists whenever the relationship with the client involves a special trust, confidence, and reliance on the fiduciary to exercise his discretion or expertise in acting for the client. One of the two fiduciary duties categories are the duty to exercise power in good faith and interest of the company. These duties vary with different types of relationships between fiduciaries and their counter-parties. Encik Zayed was planned to terminate the auditor’s appointment and appoint a new ’friendly party’ auditor. Secondly, the duty of care states that duty to pay attention and to try to make good decisions. The duty of director to act for the proper purpose and should not misuse their power. The exercise of director power for an improper purpose is a breach of duty. In this case, the directors’ abuses of power happened when Encik Zayed and Puan Hashimah charged personal vehicle expenses totaling RM50,150 to company during the year 2005. In addition to that, several withdraws from the company totaling RM12,500 were made from the company without proper documentation. 2. Segregation of duties in an accounting...
Words: 672 - Pages: 3
...Securities Exchange Commission Internal Control Requirement Explanation As part of the Initial Public Offering application process with the Securities and Exchange Commission, companies are required to document and validate their internal control activities including policies and procedures. The internal controls must ensure reliable financial reporting, effective and efficient operations, and compliance with applicable laws and regulations. Safeguarding assets against theft and unauthorized use, acquisition, or disposal is also part of internal control “best practices”. The Securities Exchange Commission guidelines for internal control activity validation include one or more of the principles: * Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. For instance, the same person who is responsible for an asset's recordkeeping should not be responsible for physical control of that asset. * Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. Proper authorization also extends to multiple approvers for large capital expenditures and hiring personnel. * Adequate documentation and records provide evidence that financial statements are accurate. Controls designed to ensure adequate...
Words: 823 - Pages: 4
...Y’Lonn James Yolanda Serrano ACCT504-10563 Case Study #2 02/05/2016 Situation a. Missing Internal Controls: Monitoring control is the missing internal control weakness. This monitoring provides “eyes and ears”, so that no one person or group of persons can process a transaction completely without being seen and checked by another person or group. This control involves understanding how companies monitors its control and how effective the monitoring is. The clerk should not be the only person who maintains the entire inventory. Segregation of duties is also missing. Segregation of duties is one of the steps that decrease the likelihood of theft. Segregation of duties prevents a breakdown in a key element of controls, such as improper segregation of duties and/or improper access to assets. Or it might result from a weak control environment. In the absence of the segregation of duties, the clerk has opportunity to steal. Problems: Can record inaccurate information since nobody is there to double check Theft Solution: Put a supervisor in place to for oversight until the cashier is adequate. Implement check and balances by preventing one person from processing transactions. Situation b. Missing Internal Controls: Adequate records, bookkeeping, and Authorization: Nicole is a part of a successful growing business, but does not book keep and provide any reports for the sales team. Problem: Not being able to accurately account for what is...
Words: 406 - Pages: 2
...should have realized this risk involved, having the treasurer in charge of pensions without no supervision or checks on what he had been doing. c. The small city should have segregated these duties of treasurer and management of retirement plans. They should not have had one person in charge of both these duties. In addition, the city should have monitoring in place to double check everything is being done properly. As an auditor, they should have been aware of these opportunities for fraud that exist based on the way the hierarchy was set up. Defalcation 2: a. The auditor should have reviewed operational procedures and controls to identify the defalcation. b. The auditor should have noticed the risk involved with having one person with the authority to create reports, send them to receiving, prepare vendor invoices, and send purchase orders to accounts payable. When you allow one agent to do all these operations, it allows for an easy opportunity for an employee to manipulate statements since he does not have any direct supervision or monitoring on the “sales” he makes. The auditor should look at changes from prior years with regards to purchases from vendors. An auditor should have recognized this potential for fraud. c. There should have been segregation of duties as well as monitoring and supervision in place to verify purchases from vendors. The $125,000 is a significant amount of the company’s sales which you...
Words: 1123 - Pages: 5
...Accounting Associates Securities Exchange Commission Internal Control Requirement Explanation As part of the Initial Public Offering application process with the Securities and Exchange Commission, companies are required to document and validate their internal control activities including policies and procedures. The internal controls must ensure reliable financial reporting, effective and efficient operations, and compliance with applicable laws and regulations. Safeguarding assets against theft and unauthorized use, acquisition, or disposal is also part of internal control “best practices”. The Securities Exchange Commission guidelines for internal control activity validation include one or more of the principles: • Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. For instance, the same person who is responsible for an asset's recordkeeping should not be responsible for physical control of that asset. • Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. Proper authorization also extends to multiple approvers for large capital expenditures and hiring personnel. • Adequate documentation and records provide evidence that financial statements are accurate. Controls designed to...
Words: 851 - Pages: 4
... an auditor learns that the purchasing agent is responsible for purchasing diamonds for use in the company’s manufacturing process, approving the invoices for payment, and signing the checks. No supervisor reviews the purchasing agent’s work. 1, Segregation of duties 2, Employees who purchases diamonds should not be allowed to approve invoices and sign checks. Segregation of duties is needed in order to prevent obvious opportunities for quality control and fraud. 3, Solution: Train a supervisor to approve the purchasing order and another manager or supervisor to approve and sign the checks, this will ensure that proper quality control as well as check & balances are taken into consideration. Situation B: The missing internal controls : Rachel Williams owns an architectural firm. Williams’ staff consists of 19 professional architects, and Williams manages the office. Often, Williams’ work requires her to travel to meet with clients. During the past six months, Williams has observed that when she returns from a business trip, the architecture jobs in the office have not progressed satisfactorily. Williams learns that when she is away, two of her senior architects take over office management and neglect their normal duties. One employee could manage the office. 1, Supervision control 2, The problem arises in the lack of an appointed interim supervisor when Rachel is out. The senior managers are taking it upon themselves to manage when she is out, this appears to...
Words: 531 - Pages: 3
...the control environment. An effective control environment helps to ensure that established policies and procedures are followed. The control environment includes independent oversight provided by a board of directors and, in publicly held companies, by an audit committee; management's integrity, ethical values, and philosophy; a defined organizational structure with competent and trustworthy employees; and the assignment of authority and responsibility. Control activities are the specific policies and procedures management uses to achieve its objectives. The most important control activities involve segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance. A short description of each of these control activities appears below. • Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. For example, the same person who is responsible for an asset's recordkeeping should not be responsible for physical control of that asset. Having different individuals perform these functions creates a system of checks and balances. • Proper authorization of transactions and activities helps ensure that all company activities adhere to established guidelines unless responsible managers authorize another course of action. ...
Words: 1020 - Pages: 5
...1. Consider the fraud triangle. What opportunities and motivation exist for Nancy to commit fraud? The lacks of internal control in the office have provided opportunities for Nancy to commit fraud. For instance, she is the receptionist and office manager in the office; the doctor leaves her to handle all office duties including collecting cash receipts, billing patients, depositing checks, and the monthly bank reconciliation. This shows the office lacks segregation of duties. Her main motivation to commit fraud is the financial pressure from her family. She is the single mother of four and tries to provided her children all the finer things. She has a second job also indicates she really needs money. Lacks of internal control in the office can also be a motivation for her, since it makes her feel it’s convenient and safe to commit fraud. 2. What should be done to improve internal controls and reduce the risk of fraud as it relates to the segregation of duties? The office should apply segregation of duties, which means one employee should not have custody, authorization, recording and reconciliation functions at the same time. There should be at least four employees in the office if they want to improve the internal control and reduce the risk of fraud. One person should collecting cash receipts and billing patients. The second one should deposit checks. The third one should in charge of the monthly bank reconciliation. The fourth employee should have the authorization...
Words: 273 - Pages: 2
...Reflection of Auditing Lisa Harris AC410 November 26, 2013 Mark Craymar Reflection of Auditing What I gained from these last ten weeks will enable to have a better understanding of everything that goes on within an audit. In any company there must be segregation of duties to ensure there is no misstatements. I am starting a new job in a few weeks and one of the topics that was discussed during my initial interview was segregation of duties. The discussion evolved around the fact that tellers could be responsible for many duties but due to the segregation of duties rule there were certain tasks creating a risk of fraud. Auditors have a duty to investigate anything they feel may be fraud or possible misstatement. This also goes for anyone hired to review records such as a CPA or any individual in charge of reviewing Financials. It would also be their responsibility to report any wrong doings within the company. If they become knowledgeable of any wrong doing they should immediately report it to a higher authority or to the board of directors. As I pursue my career in accounting I will remember all of this information, and if I should encounter any wrong doing I intend to report it. I did not realize how much entailed in the requirements of an audit, I worked in banking for many years and understood we were audited every year and certain things they looked for, but did not truly understand the full extent of it until I took this class. I have more respect...
Words: 277 - Pages: 2
