Organisations need to stay alert to the ever-present risk of fraud from all angles. PwC’s Global Economic Crime and Fraud Survey 2020 canvassed more than 5,000 companies across the globe. Losses amounted to USD 42 billion over the previous two years with an average of six frauds per company.
It is shocking that despite the staggering figures involved, PwC sees far too few companies making the effort to protect against or investigate fraud properly. They say:
“The threat of fraud is current and growing. It’s a risk you ignore or underestimate at your peril. And too many businesses are doing just that”.
There are many ways in which companies can protect themselves against fraud risk. Segregation, or separation, of duties is one safeguard that an organization can implement to reduce opportunity and therefore their chances of being targeted by fraudsters.
What is the segregation of duties, and how does it help against fraud?
The segregation of duties (SoD) is the dividing up of responsibilities so that no single person has too much control over a process. For example, an employee might have the authority to order goods and sign off invoices as well. In this case it would be very easy for them to order whatever they wanted or create fake invoices and sign them off to be paid. There would be no requirement to seek approval to make either a purchase or a payment.
Continuing with this simple example, segregating duties and making one person responsible for approving the ordering of goods or services, another for ordering them, and a third for paying the invoices, creates a system that helps prevent transfer fraud and manage third party risk. The person giving approval will need a reason for procuring the item or service. The person doing the ordering needs approval before they can go ahead. And the invoice payer will want to ensure that the goods or service have been received and that the supplier and their account details are genuine.
What issues are associated with segregating duties?
The segregation of duties can be harder in smaller companies where there are fewer employees. Conversely, in larger organizations, separating duties between too many different people or departments can lead to slow and clunky processes. This can be detrimental to flow and efficiency. Speedy responses can often mean a reduction in control so there is a trade-off between efficiency and managing fraud risk effectively. The key is getting the balance right.
Why are internal controls so important?
As we wrote in previous blog posts, opportunity is one of the main drivers of fraud and third party risk . Reduce opportunity and you reduce risk. There are many areas in an organization where too much control over a specific area of duties can lead to fraud, so it is vital to ensure they are all covered with the right policies.
The Association of Certified Fraud Examiners’ (ACFE) 2020 Report to the Nations Global Study on Occupational Fraud and Abuse says that in 32% of cases the lack of internal controls contributed to occupational fraud.
The segregation of duties will go a long way to reducing the chances of fraud in an organization, but this is not the only way in which it can save a company money. When auditing a company, auditors look at if and how internal controls have been set up. They will assess how well duty segregation has been applied and adjust their procedures accordingly if they judge it to be lacking. Because there is a greater risk of fraud the auditing process will be more robust and time consuming and therefore cost more.
Helping to fight fraud risk
Fraud risk will be present in every company. However, by implementing the right controls to prevent it, such as ensuring duties are properly segregated, fraud risk can be minimized. The right company culture, controls, training, robust systems, and regular audits and assessments of fraud risk all help to reduce the risks.
As well as the segregation of duties, digitizing accounting tasks and automating processes removes a lot of risk. Employees should be trained in fraud risk awareness so that they know how to spot it. Early investigation of warning signs will help to minimize damage.
Aligned with the most stringent corporate security restrictions, Trustpair’s solutions automatically check third-party data at every stage of the Procure-to-Pay process to ensure segregation of duties, and data reliability. Bank details of third parties can be systematically checked and continually verified to ensure they are associated with the company’s identity. Third party risk management controls carried out are traceable and all our systems help in the fight against fraud.
Find out more about how our software can help reduce your company’s fraud risk. Contact us to request a demo now!
- Segregation of duties helps reduce fraud and third party risk
- Employees should not have too much control over a process
- Trustpair SaaS will give extra security and peace of mind