The Quaestor - Volume 8, Issue 2

While this approach can often lead to realized efficiencies as individuals design new processes for getting the same (or more) work done with a smaller-sized staff, it can also easily result in incompatible functions (from an internal control standpoint) being performed by the same individual, thereby resulting in a compromised segregation of duties for which no mitigating or compensating strategy has been implemented.

“Segregation of Duties” is an internal control activity that is very important for achieving a strong internal control environment. Having a robust segregation of duties between important functions can help to ensure that errors and/or inappropriate activity is detected quickly and corrected.

The underlying concept of segregation of duties is that no employee should be in a position to both perpetrate and to conceal errors or fraud in the normal course of their duties. The incompatible duties to be segregated are (1) custody of the assets, (2) authorization or approval of related transactions affecting those assets, (3) recording or reporting of related transactions, and (4) reconciliations. The same person should not be responsible for more than one of these functions. Segregation of duties is effective because in order for an individual to commit fraud or intentionally conceal an error another individual in the process would need to be recruited (i.e., collusion) as a conspirator, which is risky for the perpetrator as they might be discovered by an honest co-worker.

Some examples (and truly this is just a sampling) of functions that need to be segregated include:

• Individuals responsible for collecting cash (“custody”) should not also prepare the deposit (“recording”), and reconcile the account ledgers (“reconciliation”).
• Individuals responsible for placing orders (“authorization”) (i.e., transacting P-card purchases, Invoice Payment Forms) should not also be reconciling those transactions in the ledgers (“reconciliation”).
• Individuals responsible for tracking (i.e., “recording”) student progress through their academic career at RIT should not also be certifying (i.e., “authorizing”) the student for graduation.
• Individuals responsible for developing/programming new systems/changes to systems (“custody”) should not also be responsible for migrating those system/changes to systems to production (“recording”).
• Individuals who “record” their own time in Kronos should not also approve (“authorize”) that time record.

If segregation of duties cannot be achieved due to staffing constraints, a mitigating/compensating control needs to be implemented. For example, the individual’s supervisor would need to exercise a greater degree of oversight and monitoring over the process.

As with any internal control, there are good reasons for implementing a strong segregation of duties – the control benefits RIT as it serves to deter fraud or identify errors; however, it is just as important for each of us – employees of RIT – as it puts into place a process that will afford us an avenue to avoid unwarranted scrutiny, thereby protecting our own personal integrity of which the benefit is priceless.

So we challenge you now to examine your processes and determine if a compromised segregation of duties exists. If so, either develop a process to segregate the functions or mitigate the risks. If you are uncertain how to do this, just give us a call. We are happy to be a resource for you.

Green Audits enable companies and other organizations to identify their environmental impacts, define a strategy to efficiently reduce these impacts, and assess their compliance with applicable laws and regulations. [3] Contrary to the popular belief that implementing a ‘green’ business approach will increase costs, Green Auditing can actually help organizations to discover opportunities to save money, improve work quality, and better employee health and safety. [4] A Green Audit also reduces liabilities by identifying key risks that need to be addressed in order to meet regulatory compliance.

RIT is a leader in ‘green’ technologies, not only for implementing green business practices and guidelines throughout the campus, but also through the work performed in the Golisano Institute for Sustainability, or GIS. GIS is a multidisciplinary academic unit at RIT whose mission is to undertake world-class education and research programs in sustainability with major foci on sustainable production, sustainable energy, sustainable mobility and ecologically friendly information technology systems. [5]

Within the Internal Audit, Compliance, and Advisement (IACA) department at RIT, we observe RIT’s ‘green’ sustainability initiatives, such as double sided printing to use less paper and recycling office supplies by way of the RITchie’s List. [6] IACA also uses a ‘green’ process approach to our audits by working collaboratively with those we are auditing to organically find solutions or mitigating controls to resolve observations or findings. [7]

Finding collaborative, organic solutions to observations and findings fosters more participation from contributors, which results in a better solution, tailored to the environment, with individual buy-in. A ‘green’ audit process literally “grows” cost effective holistic solutions using existing expertise.

​

Going ‘green’ isn’t a fading fad, as some may think, but something that continues to change the way things are made, what they are made of, and even how people think. So the next time you see an ‘organic’ label or other ‘green’ product, remember that Green Auditing, if part of a good ‘green’ process, helps ensure what we call ‘green’ it is truly ‘green’.

* Illustration by G. Despard; May 2013.

Footnotes:

[1] "Nature-friendly". Webster's New Millennium Dictionary of English, Preview Edition (v 0.9.7). Lexico Publishing Group, LLC.

[2] "Green Audit" definition. Dictionary.com based on Random House Dictionary, © Random House, Inc. 2013.

[3] “Green Auditing”; GreenBiz.com, December 1, 2003; http://www.greenbiz.com/research/report/2003/02/12/green-auditing

[4] “Green to Gold: How Smart Companies Use Environmental Strategy to Innovate, Create Value, and Build Competitive Advantage” by Daniel C. Esty and Andrew Winston; Yale University Press, January 2009.

[5] http://www.rit.edu/gis/

[6] http://www.rit.edu/sustainability/green-your-office

[7] “Safety, Health, and Environmental Auditing: A Practical Guide” by Simon W. Pain; CRC Press, April 2010.