3.2.1 Separation of duties
The general principles that govern effective separation of duties can be summarised as follows:
- separate custody of assets from accounting
- separate authorisation of transactions from custody of related assets
- separate duties within the accounting function
- separate operational responsibility from record-keeping responsibility.
The term ‘separation of duties’ implies that one person’s work serves as a complementary check on another’s. It also covers the concept that no one person should have complete control over any transaction from initiation to completion. Adequate separation of duties has a major impact on ensuring that transactions are valid and recorded properly.
Adhering to all these principles may not be possible due to resource limitations or other considerations. In these cases, the risk resulting from inadequate separation of duties should be assessed to ensure that the level of exposure is acceptable to CO management. In many cases, compensating controls exist to reduce risk. In other cases, additional resources may need to be sought to increase controls.