When a single individual carries out all stages in a process with no checks, the potential exists for errors to be made or for fraud to occur. This may have a number of results, including financial loss (it is often not possible to recover payments made in error); reputational damage which could impact research funding and potential student applicants; and inaccurate information on the financial statements. In addition, there could be consequences for individuals making errors. This control exists to protect individuals as much as the University.
When establishing their processes, therefore, departments should give careful consideration to the roles allocated to each person involved in the process.
There are some areas where segregation must be achieved, for example expense claims must always be authorised by someone other than the claimant. There are, however, some areas where smaller departments may struggle to achieve segregation. Where segregation cannot be achieved, as an alternative it is important to consider what monitoring controls can be put in place to pick up possible errors and discourage fraud through likely discovery. For example, you might undertake a review of transactions where all steps in the process have been completed by the same individual. Whilst this may not possible in all cases it is embedded in some processes. For example, in the purchase to pay (P2P) process in departments where requisitions are raised, approved and receipted by the same person, transactions should be checked to ensure that they are legitimate by running the P2P Audit Report.
Even in small departments it may still be possible to achieve segregation of duties. For example, the finance team does not need to raise requisitions. These can be raised by the individual requiring the purchase and used as the means of communicating their request. An appropriate individual would then authorise the requisition. Departments are encouraged to think carefully about achieving segregation of duties wherever possible. It is often easier to achieve the control up front rather than carry out retrospective checks.
Key segregation of duties considerations for departments
|Advances, expenses and other payments
||All forms must be authorised by someone other than the claimant/requestor.
|Cash and banking
||Staff who are responsible for reconciling cash to underlying records such as till logs and daily cash received logs must not have created the records being reconciled, nor have had access to the cash, either directly or via the custody of a safe key.
|Managing capital projects
||Staff responsible for the authorisation, management, or reconciliation of a project should not also enter individual project transactions onto Oracle financials.
Staff must not authorise their own claim forms or have their claim forms authorised by a close relative.
Changes to an individual’s appointment which affect their pay should be authorised by an approver.
Staff authorised to count and reconcile the petty cash should not be the same as the persons keeping the cash float.
Staff should not review, check or authorise their own petty cash expenditure or claims.
|Purchase to pay
||Requisition preparation, approval and receipting, should be completed by a minimum of two people.
||Staff who authorise the sales price must not also raise the applicable invoice in Oracle Financials.