Segregation of Duties and Cash Related Challenges for Small Organizations

As CPA’s we are frequently asked to serve as Treasurers for small volunteer organizations (i.e.: home owners associations, alumni associations, professional associations, etc.).  One of the biggest challenges facing these and other small for-profit organizations is how to properly segregate duties in order to prevent or detect fraud or errors. Segregation of duties is the concept of having more than one person required to complete a task. When organizations have too few resources to effectively segregate key duties, leadership can take steps to mitigate the risk by incorporating best practices into their cash receipts and cash disbursements processes.

In the cash receipts process, the 1) Payment Receipts, 2) Bank Deposit, and 3) Recording roles should be segregated to ensure funds are not intercepted between receipt and deposit of cash and checks payments. 

  • When possible, someone other than the Treasurer should receive and document all cash and check receipts. This prevents one person from having sole knowledge of all incoming funds. This role could effectively be performed by an Office Manager.
  • If cash receipts for the organization offset Accounts Receivable, someone other than the Treasurer at the company should send routine reminders to customers with outstanding balances. If payments were received, but not recorded by the Treasurer, the customer will likely reach out to the sender to confirm receipt of payment.

In the cash disbursements process, the 1) Authorization, 2) Payment, 3) Bank Reconciliation, and 4) Recording steps should be segregated to ensure funds are only disbursed to authorized vendors for approved amounts.

  • One other individual should have view only access to the bank account and routinely review transactions. Occasional inquiries further ensure that the Treasurer knows their activity is observed and acts as a preventative control against fraud. If possible, this individual could also perform monthly bank reconciliations.
  • Receipts for all payments should be stored in a location where one other person can routinely review for reasonableness. This would typically be the same person who has view only access to the bank account. For instance, the bank account may show a payment to an office supply vendor, which is reasonable. However, upon review of the receipts, this other individual may note that the purchase included several personal items. By requiring receipts to be stored in a location accessible by this other individual, this serves as both a preventative and detective control for the company.
  • Someone other than the Treasurer should have sole access to setup all new vendors in the Accounting System. This prevents the Treasurer from recording payments for unauthorized vendors. 

Aside from cash receipts and cash disbursements, the following best practices should be considered to further mitigate the risks associated with a small organization.

  • Consider cross-training one other person to perform the Treasurer’s duties and then have them perform those duties during the Treasurer’s vacations to ensure the process operates as anticipated.
  • At least quarterly, one other individual should review a Budget to Actual report and Current Year to Prior Year Activity report.  All variances should be explained by the Treasurer.

Implementing new processes is not only time consuming but also challenging, especially in a very small accounting department. Communication of the benefits of preventative and detective controls is key so that all employees understand why the controls have been implemented.

Outside consultants are beneficial in the implementation phase to prevent the Treasurer function from feeling singled out by management. Clearview Group can help explain the benefits and reasons process changes in the cash handling process must be implemented to protect the company’s assets.  Contact or 410-415-9700 to help you ensure your control environment has the right level of segregation on duties.

More in Risk & IT Risk Advisory