0% found this document useful (0 votes)
680 views25 pages

Segregation of Duties Questionnaire

The document provides guidance on assessing segregation of duties for accounting applications. It discusses key duties that should be segregated, such as authorization, custody of assets, and recording or reporting. It includes templates to identify potential conflicts of duties for cash receipts and expenditures. Completing the templates highlights any instances where one individual performs incompatible duties, which could undermine internal controls.

Uploaded by

Manna Mahadi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
680 views25 pages

Segregation of Duties Questionnaire

The document provides guidance on assessing segregation of duties for accounting applications. It discusses key duties that should be segregated, such as authorization, custody of assets, and recording or reporting. It includes templates to identify potential conflicts of duties for cash receipts and expenditures. Completing the templates highlights any instances where one individual performs incompatible duties, which could undermine internal controls.

Uploaded by

Manna Mahadi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 25

Table of Contents

SEGREGATION OF DUTIES QUESTIONNAIRE: CASH RECEIPTS IN SIGNIFICANT APPLICATIONS...............2


SEGREGATION OF DUTIES QUESTIONNAIRE: EXPENDITURE.........................................................................5
SEGREGATION OF DUTIES QUESTIONNAIRE: FIXED ASSETS.........................................................................7
SEGREGATION OF DUTIES QUESTIONNAIRE: HOTEL REVENUE....................................................................9
SEGREGATION OF DUTIES QUESTIONNAIRE: INVENTORY............................................................................14
SEGREGATION OF DUTIES QUESTIONNAIRE: PAYROLL................................................................................17
SEGREGATION OF DUTIES QUESTIONNAIRE: PROCUREMENT AND ACCOUNTS PAYABLE......................20
SEGREGATION OF DUTIES QUESTIONNAIRE: PURCHASING AND AP...........................................................24
SEGREGATION OF DUTIES QUESTIONNAIRE: REVENUE...............................................................................26
SEGREGATION OF DUTIES QUESTIONNAIRE: CASH
RECEIPTS IN SIGNIFICANT APPLICATIONS

Adequate segregation of duties is an important consideration when determining if a company’s control activities
are effective in achieving the objectives of internal control. Engagement teams are encouraged to use this form to
help identify potentially conflicting duties within each application and related applications and include it in the work
papers as documentation of the analysis of the adequacy of the segregation of duties. Any potentially conflicting
duties are noted and evaluated in the work papers. In addition, when no one performs a duty it may indicate a
weakness in controls.

A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying
segregation of duties is that no employee or group should be in a position to perpetrate or conceal errors or fraud
in the normal course of their duties. In general, the principal incompatible duties to be segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions

An essential feature of segregation of duties/responsibilities within an organization is that no one employee or


group of employees has exclusive control over any transaction or group of transactions. In addition, a control over
the processing of a transaction should not be performed by the same individual who is responsible for recording
or reporting the transaction.

Based on the above criteria, this form has been designed to highlight conflicting duties performed by one
individual (potential lack of proper segregation of duties). This form is completed by indicating the name(s) of the
individual(s) responsible for each function within the applications listed. If a function is performed by a computer
application, indicate “computer” or “IT” as the “individual.”

After the form has been completed for each significant application, we review the form for any instances where
one individual is performing duties that would be considered to be incompatible. Potentially incompatible duties
would exist if one individual performs duties in more than one category (authorization or approval, custody, or
recording/reporting) or if an individual is responsible for performing a control over the same transaction that the
individual is responsible for recording/reporting.

A practical method of using this form is to review it for individuals who are listed in more than one column and
then determine whether that represents a potential lack of segregation of duties. We keep in mind that not all
instances where an individual performs duties in more than one column represent a lack of segregation of duties.
In addition, we consider that there is the possibility of a lack of segregation of duties within the same category
(e.g., the individual who authorizes credit also approves the write-off of uncollectible accounts).

This form should be used in conjunction with our control analysis process for each application. Our control
analysis may indicate other controls performed by the same individual. Consequently, this form is intended to
highlight potentially conflicting duties, not to be the only method of identifying conflicting duties.

Once an individual is identified as performing incompatible duties, all duties performed by that individual should
be considered to determine whether the effectiveness of those duties is reduced or eliminated by the lack of
segregation of duties. If it is, the next step is to address their effects on our assessments of the controls over the
applications(s) involved and the risk of fraud and on our audit approach. Inadequate segregation of duties tends to
affect our audit approach in the following ways:
• Conflicts may undermine the effectiveness of a control activity. For example, if the same person writes checks
and performs the bank reconciliation, the performance of the bank reconciliation may not be an effective
control for some objectives.

1
1 Source: www.knowledgeleader.com
• Conflicts may indicate inappropriate authorization, safeguarding of assets or asset accountability procedures,
such as when the same person has custody of assets and records transactions. This may indicate the need to
increase our procedures for testing the existence of assets before the balance sheet date.

SEGREGATION OF DUTIES IN SIGNIFICANT ACCOUNTING APPLICATIONS

Company: ______________________________________________________________

Subsidiary or Division: ______________________________________________________________

Audit Date: ______________________________________________________________

CASH RECEIPTS APPLICATION

Duty Custody of Control


Authorization Recording
Assets Activity

Opens mail and lists checks.

Handles currency receipts.

Prepares bank deposits.

Compares check listings to bank deposits.

Maintains cash receipts journal.

Maintains accounts receivable records.

Reconciles bank accounts.

Authorizes write-offs of uncollectible accounts.

Reconciles accounts receivable records to the


general ledger.

Controls the accuracy, completeness of, and


access to cash receipts programs and data files.

Additional Considerations
In instances where “computer” or “IT” has been listed as performing a function checked above, consider whether:
• The individuals authorized to enter transactions or adjustments perform other incompatible duties.
• The company has procedures to ensure that only authorized individuals have the capabilities to enter the
transactions or adjustments.

In addition, when the “computer” or “IT” has been identified as performing potentially incompatible duties, consider
whether the segregation of duties within the IT department and/or other controls result in effective segregation of
duties.

2
2 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES IN SIGNIFICANT ACCOUNTING APPLICATIONS

Company _________________________________________________________________

Subsidiary or Division _________________________________________________________________

Audit Date _________________________________________________________________

CASH RECEIPTS APPLICATION

Conclusion
Have any potentially conflicting duties been identified? Yes No

If potentially conflicting duties have been identified, note them below and either:
• Indicate below their effects on our evaluation of the controls over the cash receipts application, our
assessment of the risk of fraud and our audit approach.
• Indicate where their effects are considered in the working papers.

3
3 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE:
EXPENDITURE

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

The requisition, ordering, receiving, paying and general accounting activities need to be appropriately segregated
if all control objectives must be met. For example, those who perform the ordering (purchasing) activity, including
those who maintain contact with outside suppliers and issue purchase orders, should not perform any receiving,
accounting or cash disbursement activities.

The duties to be considered in determining the adequacy of segregation of duties among those responsible for
purchasing transactions are listed in the following table. In smaller organizations, these duties may also need to
be reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the Recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine whether the
effectiveness of those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

Custody of Control
Duty Authorization Recording
Assets Procedures
Initiates purchase orders (POs).
Approves POs.
Issues POs.
Authorizes p-card purchases.

4
4 Source: www.knowledgeleader.com
Custody of Control
Duty Authorization Recording
Assets Procedures
Approves access to p-cards.
Maintains p-card credit limits.
Approves access to vendor master files.
Approves debit memos to vendors.
Issues debit memos to vendors.
Issues and signs receiving reports.
Matches invoices to receiving documents.
Initiates invoice coding and approval
request forms (ICARFs).
Matches invoices to ICARFs.
Approves ICARFs.
Approves p-card purchases for
payments.
Prepares checks.
Signs checks.
Mails checks.
Maintains purchase journals.
Maintains AP records.
Reconciles the accounts payable records
(or the total of unpaid vouchers) with the
general ledger control amount.
Controls of the accuracy, completeness
of, and access to purchasing and
accounts payable programs and data
files.

5
5 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE: FIXED
ASSETS

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

Approval, recording, possession and reconciliation of fixed assets need to be appropriately segregated to meet all
control objectives. Adequate segregation of duties reduces the likelihood that errors (intentional or unintentional)
will remain undetected by providing an accounting check over the payment of salaries and wages.

The duties to be considered in determining the adequacy of segregation of duties among those responsible for
fixed asset transactions are listed in the following chart. In smaller companies, these duties may also need to be
reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the Recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine the effectiveness of
those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

Custody of Control
Duty Authorization Recording
Assets Procedure
Approves asset acquisitions, transfers,
retirements and disposals.
Initiates POs.
Approves POs.
Records asset acquisitions, transfers,

6
6 Source: www.knowledgeleader.com
Custody of Control
Duty Authorization Recording
Assets Procedure
retirements and disposals.
Approves invoices/construction work
orders.
Processes invoices/construction work
orders.
Maintains custody of property, plant and
equipment.
Maintains the property ledger.
Supervises physical (cycle) inventory of
property, plant and equipment.
Reconciles physical (cycle) inventory of
property, plant and equipment to the
property ledger.
Reconciles the property ledger to the
general ledger.
Controls the accuracy, completeness
of, and access to property, plant, and
equipment programs and data files.

7
7 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE: HOTEL
REVENUE

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

The following activities need to be appropriately segregated if to meet all control objectives:
• Guest Services: Rooms
• Guest Services: Banquets
• Guest Services: Food and Beverage
• Night Audit/Income Audit
• Direct Bill/Invoice Processing
• Credit Memo Functions

For example, those who perform the generate and modify banquet event order (BEO) activity, including those who
maintain contact with clients and generate banquet tickets, should not perform any credit approval, billing or
accounting activities.

The duties to be considered when determining the adequacy of segregation of duties among those responsible for
revenue-generating transactions are listed in the following charts. In smaller companies, these duties may also
need to be reviewed along with those of other functions, as some individuals may have responsibilities in more
than one area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine whether the
effectiveness of those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

8
8 Source: www.knowledgeleader.com
GUEST SERVICES: ROOMS

Custody of Control
Guest Services: Rooms Authorization Recording
Assets Procedures
Generate and modify rate tables.
Approve rate tables.
Create and modify guest accounts.
Monitor guest account changes.
Approve access to room guest service
transactions.
Maintain access to room guest service
transactions.
Process guest check-in.
Monitor guest credit.
Post rooms revenue.
Reconcile rooms revenue posted.
Post guest settlement/checkout.

GUEST SERVICES: BANQUETS

Custody of Control
Guest Services: Banquets Authorization Recording
Assets Procedures
Receive banquet deposits.
Post banquet deposits.
Authorize banquet contracts.
Generate and modify BEOs.
Capture additional charges.
Approve access to banquet service
transactions.
Manage access to banquet service
transactions.
Reconcile banquet charges to BEOs.
Approve credit limits/direct bills.
Post banquet revenue.
Reconcile banquet revenue posted.
Post guest settlements.

GUEST SERVICES: FOOD AND BEVERAGE

Custody of Control
Guest Services: Food and Beverage Authorization Recording
Assets Procedures
Enter and modify food and beverage
pricing.

9
9 Source: www.knowledgeleader.com
Custody of Control
Guest Services: Food and Beverage Authorization Recording
Assets Procedures
Approve pricing.
Open and modify guest checks.
Authorize voided checks.
Authorize comp/loss checks.
Review comp/loss checks.
Approve access to food and beverage
guest service transactions.
Maintain access to food and beverage
guest service transactions.
Monitor open checks.
Post food and beverage revenue.
Reconcile food and beverage revenue
posted.
Post guest settlement.

10
10 Source: www.knowledgeleader.com
NIGHT AUDIT/INCOME AUDIT

Custody of Control
Night Audit/Income Audit Authorization Recording
Assets Procedures
Generate revenue reporting.
Process credit card settlement
transactions.
Reconcile credit card settlement
transactions.
Approve access to perform
night/income audit procedures.
Maintain access to perform
night/income audit procedures.
Post revenue transactions to the
general ledger.
Reconcile revenue reporting to the
outlet charges.
Authorize revenue transaction
adjustments.
Reconcile revenue reporting to the
general ledger.

DIRECT BILL/INVOICE PROCESSING

Custody of Control
Direct Bill/Invoice Processing Authorization Recording
Assets Procedures
Initiate invoices.
Verify completeness and accuracy of
invoices.
Maintain AR records.
Reconcile AR records to the GL.
Review and approve monthly aged AR
trial balances.
Authorize write-offs of uncollectible
accounts.
Handle cash receipts from customers.
Apply cash.
Reconcile bank account to receipt.

CREDIT MEMO FUNCTIONS

Custody of Control
Credit Memo Functions Authorization Recording
Assets Procedures
Initiate credit memos.
Approve credit memos.

11
11 Source: www.knowledgeleader.com
Custody of Control
Credit Memo Functions Authorization Recording
Assets Procedures
Maintain credit memo records.
Reconcile AR records to the GL.
Control the accuracy, completeness of
and access to sales, AR and credit
memo programs and data files.

12
12 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES: INVENTORY

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

The requisition, ordering, receiving, paying and general accounting activities need to be appropriately segregated
to meet all control objectives. For example, those who perform the ordering (purchasing) activity, including those
who maintain contact with outside suppliers and issue purchase orders, would not perform any receiving,
accounting or cash disbursement activities.

The duties to be considered in determining the adequacy of segregation of duties among those responsible for
sales transactions are listed in the following table. In smaller companies, these duties may also need to be
reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine whether the
effectiveness of those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

13
13 Source: www.knowledgeleader.com
RECEIVING AND INSPECTION

Custody of Control
Receiving and Inspection Authorization Recording
Assets Procedures
Authorize purchases.
Purchase inventory items.
Authorize receivers.
Match order sheets to invoice and
receiving documents.
Initiate invoice coding and approval
request forms (ICARFs).
Approve ICARFs.
Review ICARFs.
Reconcile inventory accounts payable
records with the general ledger control
amount.

QUANTITY VERIFICATION

Custody of Control
Quantity Verification Authorization Recording
Assets Procedures
Access perpetual inventory records.
Maintain perpetual inventory records.
Access physical inventory items.
Monitor access to physical inventory
items.
Reconcile perpetual inventory records
to on-hand quantities.
Conduct physical inventory counts.
Review and authorize results of
inventory counts.
Maintain and update inventory costs.
Post inventory adjustments.
Approve inventory accrual.
Post inventory accrual.
Reconcile the physical inventory counts
to the general ledger inventory
balances.

14
14 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE: PAYROLL

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

Timekeeping, handling the payroll cash disbursements, MIS and accounting for payroll need to be appropriately
segregated to meet all control objectives. Adequate segregation of duties reduces the likelihood that errors
(intentional or unintentional) will remain undetected by providing an accounting check over the payment of
salaries and wages.

The duties to be considered when determining the adequacy of segregation of duties among those responsible for
payroll transactions are listed in the following tables. In smaller companies, these duties may also need to be
reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the Recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine the effectiveness of
those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

HR FUNCTIONS

Custody of Control
HR Function Authorization Recording
Assets Procedures

Maintain personnel files.

15
15 Source: www.knowledgeleader.com
Custody of Control
HR Function Authorization Recording
Assets Procedures

Approve access to personnel master


files.

Approve wage and salary increases,


hirings, and terminations.

Input wage and salary increases, hirings,


and terminations.

PAYROLL FUNCTIONS

Custody of Control
Payroll Function Authorization Recording
Assets Procedures
Control timekeeping.
Approve weekly timecards.
Adjust weekly timecards.
Calculate overtime pay.
Review weekly timecard adjustments.
Maintain personnel files.
Approve access to personnel master
files.
Authorize off-cycle payroll.
Calculate and post bonus reserves.
Review bonus reserves.
Approve wage and salary increases,
hirings, and terminations.
Maintain payroll journals.
Prepare payroll checks.
Approve the payroll.
Sign checks.
Review checks.
Distribute checks.
Control unclaimed payroll checks.
Reconcile payroll bank accounts.
Control the accuracy, completeness of,
and access to payroll programs and
data files.

16
16 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE:
PROCUREMENT AND ACCOUNTS PAYABLE

INTRODUCTION

Companies handle major expenditures through the procurement process. Besides being important to the bottom
line, purchasing interrelates with most other organizational activities and impacts overall organizational
efficiencies. Procurement control processes depend upon a healthy check-and-balance between business
activities involved in procurement, receipt and settlement of assets with suppliers.

A fundamental element of internal control is the segregation of certain key duties. The basic idea underlying
segregation of duties is that no employee or group should be in a position to perpetrate or conceal errors or fraud
in the normal course of their duties. In general, the principal incompatible duties to be segregated include:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

An essential feature of segregation of duties is that no one employee or group of employees has exclusive control
over any transaction or group of transactions.

Many purchasing and related transaction processes are automated. Transaction processing systems usually
incorporate “blanket-style” parameters or controls that can lead to material leakage if minor oversights are
multiplied over thousands of transactions. Be advised that the ability to change parameters, override controls,
access administrator functions and edit/add/delete items may not be overtly apparent to supervisors or other
processing personnel.

The internal audit or procurement review team should consider how segregation of duties is incorporated into
enterprise resource planning (ERP) applications and related processes. Today, most companies use integrated
applications for components of procurement transactions that may span several modules or departments and
even extend to vendor/partner suppliers. Electronic data interchange (EDI) with external parties in the supply
chain should be incorporated into the project risk assessment and possibly into the scope of the audit plan.

The review team should consider the following three tiers of the overall procurement process:
• Operational (manual) and system/ERP controls (integrated process) review
• Policies and procedures for vendor selection, bidding/negotiation and partner/EDI approvals
• Remote or intradepartmental controls and related management support (feedback and reporting)

Audit teams are encouraged to use this form to help identify potentially commingled duties within each application
and related processes that may signal a control weakness. Often, a lack of segregation of duties can be masked
by the fact that processes or events happen at different times, including batch processing or access controls over
application processing tools. Any potentially conflicting duties should be noted and evaluated in the working
papers. In addition, instances when a duty is not performed may indicate a weakness in controls.

Additional reporting and review processes or spot checks may be included to ensure identification of fraud.

17
17 Source: www.knowledgeleader.com
MATRIX INSTRUCTIONS

The duties to be considered when determining the adequacy of segregation of duties, among those responsible
for procurement, are listed in the following chart.

This form has been designed to highlight conflicting duties performed by one individual.
• List the names of individuals responsible for particular duties in the appropriate column. For example, the
names of the individuals who are responsible for issuing purchase requisitions would fall into the recording
column.
• If a function is performed by a computer application, then indicate “computer” or “information technology (IT)”
in the applicable duty’s column. If an individual performs a system-automated function, make an “IT” notation
(where applicable) to facilitate consideration of the relevant application access controls.
Consideration: If “computer” or “IT” has been listed as performing a function, consider whether:
− The individuals authorized to enter transactions or adjustments perform other incompatible duties.
Then, consider whether the segregation of duties within the information technology department and/or other
controls result in effective segregation of duties.
− The organization has procedures to ensure that only authorized individuals can enter the
transactions or adjustments.
• After a form has been completed for each significant application, review the form for instances where one
individual is listed in more than one column and considered performing incompatible duties. Determine if these
combinations represent a potential lack of segregation of duties.
Consideration: Potentially incompatible duties would exist if one individual performs duties in more than one
category (authorization or approval, custody, or recording/reporting) or if an individual is responsible for
performing a control over the same transaction that the individual is responsible for recording/reporting.
However, not all instances where an individual performs duties in more than one column represent a lack of
segregation of duties.
• Consider whether individuals are performing incompatible duties within the same column (e.g., control
procedures).
Consideration: There is the possibility of a lack of segregation of duties within the same category (e.g., the
individual who authorizes credit also approves the write-off of uncollectable accounts).
• Consider recommendations to streamline inefficiencies, such as duplicate duties that may be identified, as the
segregation of duties is reviewed. Sometimes an aggregate review of systematic and manual processes
(analysis of cross-functional and interdepartmental lines of responsibility) uncover duplicate processing.

Note: Completion of this chart is intended to highlight potentially conflicting duties, not to be the only method of
identifying all such conflicting duties.

In general, the principal incompatible duties to be segregated are authorization, custody of assets, and
recording/reporting of transactions and execution. The basic idea underlying segregation of duties is that no one
employee or group of employees should be in a position to perpetrate or conceal errors or irregularities in the
normal course of their duties.

Effective segregation of duties reduces the likelihood that errors (intentional or unintentional) will remain
undetected by providing for separate processing by different individuals at various stages of a transaction and for
independent reviews of the work performed.

Control
Custody of
Transaction Process/Execution Authorization Recording Procedure –
Assets
Over Execution

Issue purchase requisitions.

18
18 Source: www.knowledgeleader.com
Control
Custody of
Transaction Process/Execution Authorization Recording Procedure –
Assets
Over Execution

Approve purchase requisitions.

Issue purchase orders.

Approve access to vendor master files.

Approve purchase orders.

Approve access to purchase-related


data files.

Issue debit memos to vendors.

Issue and sign receiving reports.

Match invoices to purchase orders and


receiving reports.

Distribute vendor invoice coding


accounts.

Approve voucher packages for payment.

Prepare checks.

Sign checks.

Mail checks.

Maintain purchase journals.

Maintain accounts payable records.

Reconcile the accounts payable records


(or the total of unpaid vouchers) with the
general ledger control account.

Once an individual is identified as performing incompatible duties, all duties performed by that individual should
be reviewed to determine the effectiveness of those duties or whether there is a risk of fraud due to the lack of
segregation of duties.

19
19 Source: www.knowledgeleader.com
RESULTS

The requisition, ordering, receiving, paying and general accounting activities need to be appropriately segregated
if to meet all control objectives. For example, those who perform the ordering (purchasing) activity, including those
who maintain contact with outside suppliers and issue purchase orders, would not perform any receiving,
accounting or cash disbursement activities.

Have any potentially conflicting duties been identified? Yes No

If potentially conflicting duties have been identified, note them below and either:
• Indicate below their effects on our evaluation of the controls over the purchase application, our assessment of
the risk of fraud and audit approach.
• Indicate where in the working papers their effects are considered (e.g., in control analysis documentation or
other preliminary fraud control testing).

SUMMARY

• In general, should any immediate internal control or other concerns be addressed?

Yes No Possibly If you checked “Yes” or “Possibly,” please describe:

__________________________________________________________________________________________

__________________________________________________________________________________________

• From your perspective, how can internal audit be more effective; add value; and provide service to you, your
staff and the organization? (Please be specific.)

____________________________________________________________________________________________

____________________________________________________________________________________________

Thank you very much for your time, effort and valued feedback.

Name Title Date

20
20 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE:
PURCHASING AND AP

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions.
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

The requisition, ordering, receiving, paying and general accounting activities need to be appropriately segregated
to meet all control objectives. For example, those who perform the ordering (purchasing) activity, including those
who maintain contact with outside suppliers and issue purchase orders, should not perform any receiving,
accounting or cash disbursement activities.

The duties to be considered when determining the adequacy of segregation of duties among those responsible for
purchase transactions are listed in the following table. In smaller organizations, these duties may also need to be
reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine the effectiveness of
those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

Custody of Control
Duty Authorization Recording
Assets Procedure
Issues purchase requisitions.
Approves purchase requisitions.
Issues purchase orders.
Approves access to vendor master files.

21
21 Source: www.knowledgeleader.com
Custody of Control
Duty Authorization Recording
Assets Procedure
Approves purchase orders.
Approves access to purchase-related
data files.
Issues debit memos to vendors.
Issues and sign receiving reports.
Matches invoices to purchase orders
and receiving reports.
Distribute vendor invoice coding
accounts.
Approves voucher packages for
payment.
Prepares checks.
Signs checks.
Mails checks.
Maintains purchase journals.
Maintains accounts payable records.
Reconciles the accounts payable
records (or the total of unpaid vouchers)
with the general ledger control account.
Controls the accuracy, completeness
of, and access to purchasing and
accounts payable programs and data
files.

22
22 Source: www.knowledgeleader.com
SEGREGATION OF DUTIES QUESTIONNAIRE: REVENUE

A fundamental element of internal control is the segregation of certain key duties. Adequate segregation of duties
reduces the likelihood that errors (intentional or unintentional) will remain undetected by providing for separate
processing by different individuals at various stages of a transaction and for independent reviews of the work
performed.

The basic idea underlying segregation of duties is that no employee or group should be in a position to perpetrate
or conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be
segregated are:
• Custody of assets
• Authorization or approval of related transactions affecting those assets
• Recording or reporting of related transactions
• Execution of the transaction or transaction activity

In addition, a control over the processing of a transaction generally should not be performed by the same
individual responsible for recording or reporting the transaction.

The order entry, credit, shipping, billing, collecting, credit memo, MIS and general accounting activities need to be
appropriately segregated to meet all control objectives. For example, those who perform the order entry (sales)
activity, including those who maintain contact with customers and issue sales orders, should not perform any
credit approval, shipping, billing, cash receipts, credit memo or accounting activities.

The duties to be considered when determining the adequacy of segregation of duties among those responsible for
sales transactions are listed in the following chart. In smaller companies, these duties may also need to be
reviewed along with those of other functions, as some individuals may have responsibilities in more than one
area.

List the names of individuals responsible for each function in the column indicated (e.g., the names of the
individuals who are responsible for issuing purchase orders would fall into the Recording column). If a function is
performed by a computer application, then indicate “computer” or “IT” in the applicable column. If an individual
performs a function by using an IT application, make an “IT” notation (where applicable) to facilitate consideration
of the relevant application access controls.

Review the table for individuals whose names are listed in more than one column, and then determine whether
that represents a potential lack of segregation of duties. Also consider whether individuals are performing
incompatible duties within the same column (e.g., control procedures). If an individual is identified as performing
incompatible duties, all duties performed by that individual should be reviewed to determine the effectiveness of
those duties or whether there is a risk of fraud due to the lack of segregation of duties.

Completion of this table is intended to highlight potentially conflicting duties but is not intended to be the only
method of identifying all such conflicting duties. Additional reporting and review processes or spot checks may be
included to ensure identification of fraud.

Custody of Control
Duty Authorization Recording
Assets Procedure
Issues sales orders.
Approves credit.
Approves access to credit-related data
files.
Authorizes shipments.

23
23 Source: www.knowledgeleader.com
Custody of Control
Duty Authorization Recording
Assets Procedure
Prepares shipping documents.
Handles inventories for shipment.
Prepares billing.
Verifies billing.
Approves access to pricing-related data
files.
Accounts for the numerical sequence of
sales invoices.
Maintains the sales journal.
Maintains accounts receivable records.
Reconciles the accounts receivable
records with the general ledger control
account.
Reviews and approves the monthly
aged accounts receivable trial balance.
Prepares monthly customer statements.
Reviews and follows up on customer
inquiries and differences.
Handles cash receipts from customers.
Authorizes write-offs of uncollectible
accounts.
Controls the accuracy, completeness
of, and access to sales and accounts
receivable programs and data files.

24
24 Source: www.knowledgeleader.com

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy