Implement Segregation of Duties for AP in Four Steps

Access denied

Fraud and errors are costing businesses big.

In its 2022 annual report on occupational fraud, the Association of Certified Fraud Examiners (ACFE) reported that employee fraud costs companies an average of $1,783,000 per case. The ACFE estimates that businesses worldwide lose 5% of their revenue to employee fraud each year.

Of the companies that reported being victims of employee fraud, 29% did not have internal accounts payable controls.

Segregation of duties (SOD) is a key element of internal controls in accounts payable. In a nutshell, segregation of duties for AP means preventing incompatible duties where fraud or errors might occur:

  1. no single person is in charge of financial transactions and payments processes, and
  2. at least two people oversee every transaction and payment.

With these controls in place, your business can mitigate the risk of fraud and errors and avoid being the next victim of fraud. In this podcast episode, Rachita Sundar, SVP- Finance at HubSpot, explains how planning is the key to reducing business risk.

In this guide, we’ll talk about why you need SOD, how you can set it up in your organization, and how accounts payable automation can increase the effectiveness of your internal controls.

Why Do You Need Separation of Duties in Accounts Payable?

The penalty for knowingly filing misleading or fraudulent financial statements under the Sarbanes Oxley Act can include fines up to $5 million and imprisonment.

The penalty for knowingly filing misleading or fraudulent financial statements under the Sarbanes Oxley Act can include fines up to $5 million and imprisonment.

Segregation of duties helps minimize the risk that a business doesn’t achieve its goals, provide accurate and trustworthy financial data, and ensures compliance with laws and policies. From an audit standpoint, separating duties in the procure-to-pay cycle is a vital component of a system of internal controls to mitigate risk in accounts payable functions.

Without adequate SOD controls, a business may not be able to detect, prevent, or mitigate fraud and errors. With only one individual responsible for a payment process, clerical errors and unauthorized transactions may not be detected and remedied. Since accounts payable departments typically handle large amounts of money, these discrepancies could result in substantial financial losses for the company.

If the business issues incorrect financial statements, it may also face regulatory action, penalties, and lose reputation and trust. Inadequate SOD could also result in increased audit requirements, especially if it is revealed the business has significant deficiencies in its controls and financial reporting.

Failing to implement effective segregation of duties in accounts payable is a risk no business can afford to take.

Risk Management and Mitigation

More control means more eyes on the payments process and less risk. By implementing separation of duties and a system of checks and balances across the procure-to-pay function, a business can significantly reduce risk exposure. Here are some of the key areas where SOD can help manage and mitigate risks for your business:

Fraud Detection and Prevention

Fraud Detection and Prevention

Fraudulent activity is the biggest risk facing accounts payable departments. In a 2022 study by PwC, 38% of businesses with less than $100 million in revenue reported they had experienced fraud in the past 24 months – 22% of those businesses reported losses of $1 million.

Payment fraud includes misappropriation of assets, cash skimming, check tampering, over-reporting payments to suppliers, misplacing, forging, or modifying invoices and receipts, and recording misleading information in accounting records.

The basic principle of preventing AP fraud is to ensure that no employee (or group of employees) is in a role where they can commit and hide fraud while performing their job. By making multiple employees accountable for AP tasks, segregation of duties helps detect and control internal and external fraud. It also serves as a deterrent to prevent employees from attempting fraud, as there is always a chance another employee will notice and report the fraud.

Preventing and Controlling Errors

Errors can occur in even the most efficient payment process. Unfortunately, errors can cause duplicate or late payments and overpayments if they aren’t caught. They can also result in your financial records containing incorrect information, leading to an audit or regulatory action against your business. Segregation of duties ensures that the proper checks and balances are in place to detect and correct errors when they happen.

Preparing for Audits

Reducing errors and fraud improves your financial recordkeeping, making your company better prepared for an audit. SOD helps ensure your records are in order by eliminating discrepancies like duplicate and short payments, late fees, and other errors.                 

With these benefits in mind, let’s look at how segregation of duties can work in accounts payable.

How Segregation of Duties Works in Accounts Payable

AP departments process large numbers of invoices and have the authority to approve and make payments to suppliers. This makes AP teams particularly vulnerable to fraud and errors, especially if the team is relying on manual processes. Segregation of duties is one of the most effective ways to safeguard and control activity in your payments process to reduce fraud and errors and increase the accuracy of your record keeping.

Segregation of duties for accounts payable means assigning AP tasks to multiple employees, so one employee isn’t in sole control of payment processes, and at least one other person reviews every payment. The best way to achieve this is the separation of duties by function. For example, employees with custody of assets (cash, checks, payment cards) should not be able to approve purchases, nor should they be able to make accounting entries.

Ideally, these purchasing and accounts payable duties should be performed or overseen by more than one person:

Starting a transaction – creating a purchase order or requisition, or purchasing a product or service, handling cash receipts

Approving a purchase – approval levels and roles should be clearly defined in the expense policy

Entering or recording transactions – recording transactions, updating the general ledger, preparing transactions for payment, making journal entries

Processing transactions – preparing invoices for payments, making a check run, issuing payments

Approving payments or signing checks – employees involved in purchasing or processing payments should not approve payments, sign checks, or make cash transactions

Reconciling bank statements – staff members who enter, record, or approve transactions should not handle bank reconciliations, access accounting records, or be a signer on bank accounts

You can use this basic overview to create roles and a framework for setting up segregation of duties in your own accounts payable department. For most businesses, implementing SOD follows a four-step process.

Four Steps to Implementing Segregation of Duties

Follow these four steps to implement and manage segregation of duties in your AP department:

Step 1: Establish Policies and Procedures

If you haven’t already, map out your procure-to-pay cycle and flag the tasks that should be performed by separate employees. You can use this list as a guide:

Purchasing Tasks – purchasing functions and approvals should always be kept separate

Confirmation of Delivery – the employee who purchased the product or service should not be the same one who confirms it was delivered.

Reviewing Invoices and Vetting Vendors – Vendors should be vetted, and invoices should be reviewed and approved before the invoices are entered into the system for payment. The employee who made the purchase should not be the one who reviews the invoice or vets the vendor.

Paying Invoices – Invoice payment by electronic payment, ACH, or cash should only be made by an authorized employee.

Signing Checks – The employee who signs checks should not be responsible for issuing payment.

Step 2: Create a Segregation of Duties Matrix

Once you have identified the tasks in your procure-to-pay process, build a matrix listing the tasks and roles in your AP department and identifying areas where a SOD conflict might exist. Here is a simplified example of how to define and segregate tasks in a fictional AP department with four employees:

The green boxes indicate tasks where there is no SOD conflict. For example, Employee 1 is authorized to verify and enter invoices into the payment or accounting system.

Create a Segregation of Duties Matrix

The red boxes indicate tasks where a SOD conflict exists. For example, Employee 2 is authorized to approve payments, so they should not be verifying and entering invoices, issuing payments, or updating accounting records.

Step 3: Assign Tasks to Employees

After identifying SOD conflicts, the next step is to assign, or reassign tasks to your employees, which ensures effective separation of duties.  For tasks where SOD isn’t possible, look at how you can implement compensating controls to help manage risks.

Step 4: Monitor and Manage

Periodically review your AP processes and your accounting records to ensure that segregation of duties is being maintained.  

These steps will help you establish a basic level of control in your AP department. For larger companies with many employees, the procure-to-pay process may be very complex and difficult to manage manually. In these cases, AP automation is an excellent way to streamline processes and ensure effective separation of duties.

Ensure Separation of Duties With Accounts Payable Automation

The manual approach to the segregation of duties is effective but difficult to scale as your business grows and your processes become more complex. Oversight becomes very difficult as you add employees and tasks, and things could slip through the cracks.

An alternative solution is to implement accounts payable automation from Stampli. Automation gives you total control and visibility over your payment processes so that you can implement effective and scalable segregation of duties across your AP functions.

Automation has several key advantages over manual SOD processes:

Segregation of Visibility

AP automation platforms can restrict which roles can see data and information associated with payment workflows. This provides a higher level of access control and security than manual processes by ensuring that employees can only see the information they need to perform their tasks. For example, an employee responsible for entering invoices can be restricted from seeing if an invoice has been approved or paid.

Access Control

Automation enforces segregation of duties by ensuring that employees only have access to the functionality they need to carry out their tasks. For example, employees with access to payments systems could be restricted from accessing ERP or accounting systems, which lessens the likelihood of fraud.  You can easily create, assign, and modify roles in real-time, so when you change your segregation of duties framework, the change is immediately implemented across your organization.

Integration with Business Systems

Platforms such as Stampli seamlessly integrate with information systems, ERP, and accounting systems to accommodate your accounting and procurement processes. This provides a higher level of control over SOD. For example, if you already have a roles matrix set up within your ERP, you can save a lot of time by importing it into your AP platform.

Empower AP with Stampli

Stampli is a complete AP automation platform that brings AP communications, documentation, and payments in one place to give you total control over AP processes.

With Stampli, you can enforce effective segregation of duties to mitigate fraud and reduce errors by using standard and customizable roles and permissions. Stampli is certified compliant with SOC 2 Type 2 – invoices are stored and auditable along with all associated actions, decisions, and attachments. Stampli provides detailed audit logs, a real-time management dashboard, and detailed reports to give you complete visibility and control over your AP process.

Stampli features include collaboration. Using our Collaboration Hub, you can centrally send, track, share, and view invoice communications directly on top of the invoice. Easily add teammates to the conversation to review, verify, and approve invoices.

Contact us today to schedule a free demo!

Ready to Talk?

Take the first step towards better Accounts Payable.
Meet with one of our AP experts.