Segregation of Duties: Reduce Organizational Risk with Workflows and Permissions in Sage Intacct
December 18, 2018
The AICPA defines the principle of Segregation of Duties (SOD) as “being based on the shared responsibilities of a key process that disburses the critical functions of that process to more than one person or department”. Stated more plainly, it is the idea that both errors and the possibility of fraud can be reduced if certain core responsibilities are divvied up. Modern ERP systems, like Sage Intacct, have extremely customizable workflows and security permissions which allow any organization to take steps to reduce these risks. Here are two good examples of the SOD principle, followed by how the system can accommodate them:
- Different users approving and paying AP bills: this control will help prevent the possibility of fraud by assigning the approvals to different users, as well as providing additional oversight of cash disbursements. Modern ERP systems can be configured with multiple approval workflows to provide flexibility within the approval process in order to handle different situations (e.g. having a dollar threshold that triggers different approval workflows depending on the amount of the bill). The risk of fraud and error can be greatly reduced by designing the system to require up-front approvals for an AP bill, followed by a different user approving the cash disbursement, and finally having the system automatically print a check with the signature of the organization’s designated check signer once all required approvals are received. Additionally, the system will maintain a detailed audit trail to quickly provide answers to questions and information to auditors.
[Figure: Example of Multiple Purchasing Workflows]
[Figure: Setting up an Approval Policy for the ‘Purchase Order’ Workflow]
- Different users authorizing payments and reconciling bank statements: setting up the system to separate these duties can reduce the risk of a user paying a fraudulent check and then approving it. The audit capabilities of a modern accounting system can then show who authorized the payment and who performed the reconciliation. Once again, this provides quick answers to questions that could require a lot of back and forth without a modern-day accounting system.
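As an added illustration (not part of the original article and not Sage Intacct code), the following Python script checks a constructed audit trail against the two rules above and against a dollar-threshold approval policy. The record layout, action names, user names and the 5000 threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data; the layout, names and amounts are assumptions
# for illustration, not a Sage Intacct export format.
BILLS = {"BILL-1001": 1200, "BILL-1002": 800, "BILL-1003": 9500, "BILL-1004": 7000}
AUDIT_TRAIL = [
    ("BILL-1001", "approve_bill", "alice"),
    ("BILL-1001", "approve_payment", "bob"),
    ("BILL-1001", "reconcile", "carol"),
    ("BILL-1002", "approve_bill", "dave"),
    ("BILL-1002", "approve_payment", "dave"),   # same user approves and pays
    ("BILL-1002", "reconcile", "carol"),
    ("BILL-1003", "approve_bill", "alice"),
    ("BILL-1003", "approve_bill", "frank"),
    ("BILL-1003", "approve_payment", "erin"),
    ("BILL-1003", "reconcile", "erin"),         # same user pays and reconciles
    ("BILL-1004", "approve_bill", "alice"),     # high-value bill, single approver
    ("BILL-1004", "approve_payment", "bob"),
]
# Action pairs that must be performed by different users.
CONFLICTS = [("approve_bill", "approve_payment"), ("approve_payment", "reconcile")]
THRESHOLD = 5000  # assumed policy: at or above this, two distinct bill approvers

def index_actors(trail):
    """Map record -> action -> set of users who performed that action."""
    actors = defaultdict(lambda: defaultdict(set))
    for record, action, user in trail:
        actors[record][action].add(user)
    return actors

def find_sod_violations(trail, conflicts=CONFLICTS):
    """Return (record, user, action_a, action_b) where one user did both."""
    violations = []
    for record, by_action in index_actors(trail).items():
        for a, b in conflicts:
            for user in by_action[a] & by_action[b]:
                violations.append((record, user, a, b))
    return sorted(violations)

def find_under_approved(trail, bills=BILLS, threshold=THRESHOLD):
    """Return bills with fewer distinct approvers than their amount requires."""
    actors = index_actors(trail)
    return sorted(r for r, amount in bills.items()
                  if len(actors[r]["approve_bill"]) < (2 if amount >= threshold else 1))

if __name__ == "__main__":
    for record, user, a, b in find_sod_violations(AUDIT_TRAIL):
        print(f"{record}: {user} performed both {a} and {b}")
    print("Under-approved bills:", find_under_approved(AUDIT_TRAIL))
```

Running a check like this periodically over exported audit data confirms that the configured workflows are enforcing the separation they were designed for.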
The division of responsibilities, coupled with the flexibility of modern-day accounting systems to support these processes, gives organizations the ability to set up internal controls and monitor their effectiveness more easily than ever. This allows organizations to put preventative measures in place to protect themselves before problems arise, saving time and reducing risk.
Please reach out to our Sage Intacct implementation specialists with any questions on how to optimize your segregation of duties as well as your approval workflows.