
How not-for-profits can evaluate segregation of duties during the continuing “Great Resignation”

The “Great Resignation”, an ongoing economic trend in which employees voluntarily resigned from their jobs en masse, began in early 2021. According to the U.S. Department of Labor, between 4.1 and 4.5 million employees quit their jobs each month through September 2022, and estimated totals for 2022 will surpass the 47.4 million people who quit their jobs in 2021. While these vacancies are being felt across all organizations, not-for-profits have been hit hard: a lack of manpower has left team members, both paid staff and volunteers, stretched thin, and fewer services are being delivered. With employees and volunteers taking on additional responsibilities, nonprofits should evaluate segregation of duties (SOD) around key processes to ensure effective operations.

Segregation of duties is a fundamental element of internal controls, which requires more than one person to complete certain key duties to prevent fraud and errors. There are four types of functions under the concept of segregation of duties:

  1. Authorization
  2. Custody
  3. Record keeping
  4. Reconciliation

The ideal work environment would prevent one person from handling more than one type of function for any process. Utilizing volunteers and/or board members is a viable option for not-for-profits with limited staff. They can fill a key missing role, such as serving as a check signer, providing a second count for a deposit, or assisting with a reconciliation. Talk with your board members and volunteers about the roles you might need and see if they have the background and capabilities to help. Addressing SOD shortfalls as soon as possible will help not-for-profits maintain the transparency and integrity that donors are looking for.

Risks

Potential risks to a not-for-profit that lacks segregation of duties include:

  • Fraud – A single employee performing all functions within a process leaves no oversight and gives opportunity to commit fraud undetected.
  • Errors – Little oversight of a process means errors are not detected in a timely manner.
  • Inefficiency – Involving multiple employees in a process allows tasks to be allocated, giving individuals time to focus on other tasks across multiple areas.

These risks can cause significant damage to an organization such as fraudulent payments, inaccurate financial statements, or delayed month-end close.

A real-world example

An example of this would be the accounts payable process. A standard process for functions under accounts payable would be:

  1. Authorization – invoice is authorized for payment
  2. Custody – access to bank account to make payments
  3. Record keeping – ability to record invoice and payment into general ledger
  4. Reconciliation – comparing general ledger to cash and accounts payable transaction details

Job responsibilities and system/bank access should be reviewed periodically to ensure no employees perform more than one of these functions. If an employee does perform multiple functions, there is an increased risk of undetected errors and opportunity to misappropriate assets or conceal misstatements.

Steps to take now

If it is determined that an individual has been performing multiple functions within a process, the organization should set up compensating controls to mitigate risks until responsibilities can be adjusted. Examples of compensating controls include periodic reviews of the audit trail for transactions recorded to the general ledger, or reviews of exception reports.

It is critical that functions such as information technology (IT) and accounting evaluate SOD regularly to prevent inappropriate transactions. To document and evaluate SOD, a policy and matrix should be created outlining roles and responsibilities within the organization. Access roles within key systems should be monitored and evaluated regularly. With manpower limitations, systems can provide good preventative controls when set up appropriately.
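
The SOD matrix and the periodic access review described above can be run as a simple check over an access export. The following is an added example, not part of the original article: the permission names, people and compensating-control register are constructed for illustration, and the matrix covers only the accounts payable process from the example above.

```python
from collections import defaultdict

FUNCTIONS = {"authorization", "custody", "record_keeping", "reconciliation"}

# Hypothetical SOD matrix: permission -> (process, function). Names are invented.
MATRIX = {
    "ap.approve_invoice": ("accounts_payable", "authorization"),
    "bank.release_payment": ("accounts_payable", "custody"),
    "gl.post_ap_entry": ("accounts_payable", "record_keeping"),
    "gl.reconcile_cash": ("accounts_payable", "reconciliation"),
}

# Constructed access export (person, permission) from key systems and the bank.
ACCESS = [
    ("dana", "ap.approve_invoice"),
    ("dana", "gl.post_ap_entry"),   # picked up after a resignation
    ("lee", "bank.release_payment"),
    ("sam", "gl.post_ap_entry"),
    ("sam", "legacy.superuser"),    # role the matrix does not classify
]

# Constructed register of compensating controls keyed by (person, process).
COMPENSATING = {("dana", "accounts_payable"): "monthly GL audit-trail review by treasurer"}


def evaluate_sod(access, matrix=MATRIX, compensating=COMPENSATING):
    """Return (conflicts, unmapped, gaps) for an access export."""
    held = defaultdict(set)      # (person, process) -> functions held
    covered = defaultdict(set)   # process -> functions someone holds
    unmapped = []                # access the matrix cannot classify
    for person, perm in access:
        if perm not in matrix:
            unmapped.append((person, perm))
            continue
        process, function = matrix[perm]
        held[(person, process)].add(function)
        covered[process].add(function)
    # A conflict is one person holding more than one function in a process.
    conflicts = [
        {"person": p, "process": proc, "functions": sorted(f),
         "compensating_control": compensating.get((p, proc))}
        for (p, proc), f in sorted(held.items()) if len(f) > 1
    ]
    # A gap is a function nobody holds, e.g. a vacancy left unfilled.
    processes = {proc for proc, _ in matrix.values()}
    gaps = {proc: sorted(FUNCTIONS - covered[proc]) for proc in processes
            if FUNCTIONS - covered[proc]}
    return conflicts, unmapped, gaps


if __name__ == "__main__":
    for item in evaluate_sod(ACCESS):
        print(item)
```

A conflict whose `compensating_control` is empty is the case to escalate first; unmapped access should be classified in the matrix before the next review rather than ignored.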

For more information on this topic, or to learn how Baker Tilly risk advisory-specialized Value Architects™ can help, contact our team.
