About this Policy
Segregation of Duties
Policy Number: 21302
Effective Date:
Dec 12, 2017
Last Updated:
Responsible Office:
Every Employee
Responsible Administrator:
Managers and Principal Investigators (PI)
Policy Contact:
Campus Accounting Office
Categories:
- Finance
Scope
All University employees are responsible for performing their duties in accordance with proper Internal Controls as established by management. Segregation of duties is one of the key elements of Internal Control.
Reason for Policy
Segregation of duties is critical because it ensures separation of different functions and defines authority and responsibility over transactions. Segregation of duties is also a key Internal Control; it reduces the risk of errors and inappropriate actions.
Senior administration and all individuals responsible for assignment and supervision of employees that carry out fiscal activities, budget, and implementation of Internal Controls must ensure there is adequate segregation of duties within their areas of responsibility. An individual should not be in a position to initiate, approve, and review the same action. The recording/Verification function and the asset (e.g., money, inventory) custody function should be separated among employees.
Policy Statement
In an ideal environment, a different employee should perform each of the following major duties or functions:
- Authorization
- Recording
- Verification
- Custody of Assets
- Managerial Review
No one person should have responsibility to complete two or more of these major functions. There is a greater need for proper segregation of duties for assets that are more negotiable (i.e. cash funds, negotiable checks and inventories). If a person performs more than one of these major functions, mitigating controls should be put in place. Without additional Mitigating Controls in place, there is the potential to carry out and conceal errors and/or irregularities in the course of performing day-to-day activities.
Federal, state and other sponsor regulations impose additional requirements for the Authorization, review and documentation of sponsored activity that necessitate additional controls. Authorization, Verification and Managerial Review should not be performed by the same person. However, although it is less than optimal, the Principal Investigator (PI) may be allowed to perform all three functions when adequate Mitigating or Compensating Controls are in place.
The departmental office is responsible for maintaining accurate documentation of Authorizations and retaining documentation of the delegation of authority in a reproducible form, in accordance with records retention requirements (see the Records Retention Guides).
The major functions presented above are discussed as follows:
Authorization
All transactions must be authorized. The individual initiating the transaction must have the authority to do so. Authorization confirms adherence to the following general requirements:
- Employees cannot authorize transactions for their own reimbursement.
- Documentation of the Authorization.
- All transactions must adhere to University policies, existing laws, regulations, compliance requirements, as well as any terms and conditions of the sponsor.
- All individuals responsible for assignment and supervision of employees that carry out fiscal activities, or their designees, should appoint and document authorized signers of all financial transactions.
- The PI is responsible for all sponsored activity to ensure the activity is Allowable, Allocable, and within the period of availability. For operational convenience the PI may delegate another employee to authorize transactions on his/her behalf. The department must manage and maintain documentation of delegated authority.
Note: Many transactions feed to General Ledger (GL) via a Feeder System. Some Feeder Systems allow both departmental users and the Feeder System Owner to input transactions to the Feeder System. Documentation of authorization must be maintained by the department entering the transaction for a feeder.
Recording
Recording is the process of creating and maintaining records of revenues, expenditures, assets, and liabilities. These may be manual records or records maintained in the financial systems.
Verification
Verification of processing or recording of transactions ensures all transactions are valid, comply with Authorization requirements, and are properly recorded on a Timely basis. This includes resolving identified differences or discrepancies. The Verification must be documented with a signature (electronic or manual) and date.
A PI, when size limitations apply, may be permitted to verify all transactions for their respective sponsored activity; however, Internal Controls are significantly enhanced when someone other than the PI performs this function.
Custody of Assets
Custody of Assets is the access to or control over physical assets such as cash, checks, equipment, supplies, or materials.
Managerial Review
In all cases, there is a level of review of the activity by managerial level personnel. This Managerial Review function provides assurance that segregation exists and that the transactions are appropriate. The frequency and extent required of the Managerial Review depends upon the degree to which duties are or are not segregated and other factors such as the dollar volume of transactions, the amount of cash involved, or the nature of the operation.
Minimal Acceptable Degrees of Segregation
In those departments where the optimum degree of segregation cannot be achieved, a minimum degree of segregation must be maintained. At a minimum, no person should be able to perform more than two of the functions. The matrix below illustrates various degrees of segregation. The X and O represent different staff members, and the M represents a third staff member, the manager.
| Example | Authorization | Recording | Verification | Managerial Review |
|---|---|---|---|---|
| 1 | O | X | O | M |
| 2 | X | X | O | M |
| 3 | X | O | O | M |
| 4 | X | X | X | M |
To maximize the opportunity to identify errors in the ordinary course of business, it is recommended that the process of recording and Verification be performed by two different individuals such as in examples 1 and 2. In examples 3 and 4, there must be significant reliance on the Managerial Review, which must operate on a much more detailed and frequent basis to identify errors and irregularities in a Timely manner.
In instances where duties cannot be fully segregated, based on the matrix presented above, Mitigating or Compensating Controls must be established. For instance, if the record keeper also performs a Verification process, a frequent detailed review could be performed and documented by a supervisor to provide additional control over the assignment of incompatible functions.
Mitigating Controls
There are several other control mechanisms that may mitigate a lack of segregation of duties:
- Audit trails enable re-creation of the actual transaction flow from the point of origination to its existence on an updated file. Adequate audit trails should provide the initiator of the transaction, date and time of entry, type of entry, data fields, and files updated.
- Reconciliation of applications increases the level of confidence that processes ran and/or interfaced successfully.
- Exception reports monitored at a supervisory level, supported by evidence that exceptions are reviewed and, if necessary, corrected in a Timely manner. The review must be evidenced by signature of the supervisor and dated.
- Managerial Reviews should periodically be performed through observation and inquiry to help detect errors and irregularities.
Definitions
Allocable - costs incurred specifically for the sponsored program, or incurred for several activities and can be distributed between them in reasonable proportion to benefits received, and are clearly necessary to the program.
Allowable - costs or revenues directly related to the performance of an award and permitted under the terms of an award and Office of Management and Budget (OMB) Uniform Guidance. These transaction amounts must be reasonable and Allocable to the award and given consistent treatment through generally accepted accounting principles appropriate for the circumstance.
Authorization - process of giving someone permission to initiate a financial transaction, known as approval, indicating agreement that a transaction meets certain accounting and compliance requirements as defined by the University.
Feeder System - database and/or dedicated system/module that controls information that will be transmitted to the General Ledger.
Feeder System Owner - University department responsible for the Feeder System.
Internal Control - process established by management, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Managerial Review - process providing assurance that appropriate individuals are authorizing, recording, and verifying accounting transaction information.
Mitigating or Compensating Control - additional procedure designed to reduce the risk of errors or irregularities in those instances where duties cannot be fully segregated.
Timely - within two accounting periods (two months) after the end of the accounting period in which the original transaction posted. When errors and omissions are not discovered in a Timely manner, additional approvals may be required.
Verification - process that confirms accuracy of accounting transactions, such as appropriate use of ChartFields and that the transaction was recorded in the appropriate accounting period.
Accountabilities
Employees:
- Responsible to understand and follow appropriate policies and procedures for their job.
- Responsible for executing Internal Control activities.
- Identify opportunities to increase the reliability and integrity of the University’s accounting systems.
- Notify supervisors of weaknesses in, and opportunities to enhance, Internal Controls.
Managers:
- Establish appropriate controls in their sphere of influence.
- Monitor the operation and effectiveness of controls.
- Ensure appropriate segregation exists between functions.
- Ensure that effective Mitigating Controls are in place when adequate segregation of duties cannot be achieved.
Principal Investigator (PI):
- Responsible for all sponsored activity to ensure the activity is Allowable, Allocable and within the period of availability.
- Perform and document the Managerial Review periodically, and no less than quarterly, for adherence to compliance requirements.
- Perform Timely Managerial Reviews of the financial system reports including a budget to actual comparison for the sponsored program Chart Field string(s).
- PI can perform multiple functions of segregation of duties, but they are not allowed to record and authorize the same transaction.
Additional Details
Forms
Segregation of Duties-Delegation of Authority (form)
Related Information
History
This policy combines the following former policies:
- Accounting Policy Manual 2.25.55 – Segregation of Duties (revised 8/29/2008)
- Accounting Policy Manual 2.25.55.01 – Segregation of Duties – Sponsored Programs (revised 10/8/2014)
- Accounting Policy Manual 2.25.55.02 – Segregation of Duties – Delegation of Authority
Procedure
Reviewed 2017-12-06