Doesn't Understand or Doesn't Care - Tip 3 of 5 for Improving SOD

When I was young, my grandfather bought me a dog. I named him Cecil T. McCoy. He really enjoyed running in the woods and chasing rabbits. He was a beagle, after all, and hunting rabbits was in his blood.

However, this became a problem when he came to live with me. I grew up in a large Baton Rouge neighborhood with landscaped yards, but not a whole lot of woods. Cecil had a nice big dog house in our back yard shaded by a couple of cypress trees, but being a country dog, he missed having the ability to roam.

Cecil escaped all the time, and the fence around the yard did little to deter him. He would dig under it or climb over it. He even figured out how to open the latch on the gate. Luckily, he had a collar with our phone number on it, so people would call us to come get him whenever he escaped. We always worried about someone taking him or even worse, that he would be hit by a car. Cecil didn’t understand that by keeping him fenced in, we were just trying to keep him safe.

Likewise within our organizations, when we develop and implement segregation of duties (SOD), there are reasons for the separate duties. But, there are always people who, like Cecil, choose to ignore the SOD and attempt to get around it through various means. And like Cecil people can unintentionally sabotage a perfectly planned and implemented SOD. While some people just don’t care, usually, they simply don’t understand the reason for SOD and the importance of their role in it.

For instance, as a part of SOD, a manager must review and approve all invoices related to their area prior to payment. This is a critical step in the payment process because the person in accounting making the payment assumes the manager has confirmed that the goods or services were received and that the vendor charged the proper amount. However, there are managers who choose to ignore this crucial task and approve all invoices without reviewing them because they don’t understand the process. The manager may think that their role is a waste of time because they mistakenly believe that someone in accounting is also reviewing invoices and matching them to the original contract or purchase order.

In light of these issues, here are several ways to enhance SOD and build a better fence for your organization:

1. Training should be provided to new employees related to their role in SOD and to explain why it is important. Additionally, periodic training should be provided to reinforce the message. Most employees do not understand why they do the things they do. Once they learn the why, they become more engaged in the process.
2. By using the organization’s accounting system, automate as many controls as possible. The quantity and price of items on a purchase order can be matched to a receipt ticket, which are both matched to an invoice. This places a great deal of responsibility on the people creating and approving the purchase order and enhances the need for strong SOD within the procurement process.
3. Upper management can evaluate a user’s activity through specialized monitoring reports. This will work only if management is willing to take action against employees who aren’t performing their role in the SOD.
4. Change the SOD to take the person out of the process. This is the most extreme case but is a solution to address the “problem” person. This removal doesn’t necessarily mean firing them, but could instead involve redesigning the SOD so that another person takes the “problem” person’s responsibilities.

People are the most critical part of any organization’s control environment. Create a strong SOD and make sure the people in your organization understand and care about their roles in the process. Only then will they be less likely, like Cecil, to roam free. Unfortunately, Cecil never understood why we had a fence. He escaped one last time and no one ever called us to pick him up.

Stay tuned. Collusion is coming next week.

 For weekly insights into fraud, please sign up here: