|
But worst of all, they are at risk for creating justifications for less-than-professional performance. I'm not thinking about just fraud (though this attitude is very much at the heart of embezzlement and other acts of personal gain at the expense of the company), but about the impact to professional levels of service delivery. When feeling overwhelmed, "what is best or important" gets put aside for addressing "what is urgent." Just looking to one's own personal life provides a rich series of examples where important is sacraficed for urgent - poor eating habits, less/no exercise, lack of sleep - all given up for things that feel urgent at the time, but have limited long-term value. We sometimes get sloppy and lose our focus. Not malicious, just a simple error. Companies work like this too, and just like our own personal well-being, someone has to stop and evaluate what is important versus what is urgent. In a rush to chase the next big opportunity, get the books closed, or just keep up with the processing of so many transactions, companies lose site of what is important to keep up with what is urgent. In this way, a controls or audit function seems to work like a wellness coach for corporate processes and structure, serving as an independent professional to help keep companies mindful of what is important. Segregation of duties simply defined by U of U means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.Checks and balances, oversight. While processing business transactions or wrapping things up is urgent, being mindful that we all make careless mistakes is a duty we all have to the companies we support. A simple challenge question to evaluating segregation of duties is this: If I make an error in my work, will someone downstream of me detect it before it becomes a major issue for management and shareholders to read about? By breaking apart tasks (approvals, recording, processing, reconciling results), companies increase the likelihood that they can detect unintentional errors in their results before it's too late. Labels: segregation of duties
|
subscribe
to this feed
through my yahoo! 
August 2004 September 2004 October 2004 November 2004 December 2004 April 2005 May 2005 June 2005 September 2005 October 2005 November 2005 December 2005 February 2006 May 2006 September 2006 October 2006 November 2006 December 2006 February 2007 March 2007 May 2007 January 2008 February 2008 April 2008
|
||
|
|||
Great Article, compact and very useful, I liked the small tipp on how to approach the question of desiigning SoD (Segregation of Duty) controls. As simple as it may seem, this question recenters the use of controls on what they have been actually initially designed for. Another observation is that motivating the need for companies to implement some part of a governance strategy by using controls, because controls enable them to recenter on the most important and not to forget to only do business in the quickest way possible, is very valuable. Why? Because most companies only started to do some compliance management after laws have been voted which force them to do so, and even for some of them can have bad repercussions on the business. Not many companies think of implementing controls as a necessity for them to simply make their business processes better. An example: if a company wants to be compliant to a quality management standard, why not doing this by implementing corresponding controls (and by extension policies too). This way controls can be regarded as concretely helping making the business better (because of compliance to quality standards).
You may want to check my Blog from time to time, where I among other things tackle compliance management questions: http://marwaninaltum.blogspot.com/.
Marwane El Kharbili.
I have a specific case wanting to check. As I have seen many company implement purchasing process like this: warehouse people do goods receiving process, sign on goods receiving report (GRR). Suppliers then provide GRR plus invoices to Accounting department.
My question is: what would happen if warehouse people get invoices directly from suppliers, then send it to Accounting?. Is there any risk when following this practice?.
Thanks