Sunday, October 7, 2018

Segregation of duties in finance function

The most common activities performed in finance and accounts on an almost daily basis are making, reviewing and approving transactions with respect to the following:

  1. Expenses towards purchases of all types of materials, capital goods, projects, software, consultancy services and services rendered by service providers, as well as fixed expenses and overheads
  2. Revenue from sale of end products, their spares and after-sale services in the case of manufacturing industry, and service income from rendering of services in the case of service industry
  3. Raising of funds, non-current liabilities and current liabilities
  4. Non-current assets and current assets

For carrying out the various finance function activities (relating to revenue, expenses, fund raising, non-current and current liabilities, and non-current and current assets), the process of assigning user rights, particularly in ERP environments, is fairly complex and usually involves five steps, as below:

  1. Identifying fields to which access is to be given. Examples: company code, company name, plant code, plant name, cost centre, chart of accounts, fiscal year, accounting document type, GL account number, amount in document, document serial number such as invoice number, purchase order number etc.
  2. Identifying configuration tables to which access is to be given. Examples:
    1. GL account groups - share capital, sales revenue, material expenses, employee costs etc.
    2. Tax keys - output tax, input tax etc.
    3. Valuation area - plants, warehouses etc.
    4. Posting account types - asset, customer, vendor, material etc.
  3. Identifying masters to which access is to be given. Examples: General Ledger account master, customer master, vendor master, employee master etc.
  4. Identifying workflows or navigation transaction codes to which access is to be given. Examples: issuing shares, borrowings, making investments, capitalising, booking expenses etc.
  5. Assigning roles to users based on a combination of the above. In this fifth step, each individual finance user is assigned access to a combination of configuration tables, masters, workflows and documents, with granularity at field level, i.e. a) create, b) edit or modify, c) view, d) delete, e) approve.

Segregation of duties
The roles assigned to any individual finance user need to be appropriate to the user's position/level, skill and competence. The roles are to be assigned so that segregation of duties is accomplished, ensuring that there are no conflicts of duties or incompatibilities in roles.

Fraud-prone role assignments in Finance & Accounts function
It is possible that there may be some collusion of a company employee with the following:
  • Other employees
  • Vendors
  • Channel partners/customers
  • Business associates

In case of such collusion, the cardinal principle of "segregation of duties" may get compromised, leading to the following types of scenarios through the assignment of conflicting rights to one and the same individual:

  1. Creating a purchase voucher related to incoming supplies, authorising it and thereafter releasing payments to the vendor
  2. Creating a sales voucher related to product invoicing, authorising it and thereafter crediting the channel partner/customer account
  3. Creating a sales return voucher related to a product, authorising it and thereafter crediting the channel partner/customer account
  4. Creating a warranty voucher related to a defective part, authorising it and thereafter crediting the channel partner/customer account
  5. Creating a journal voucher towards expenses, authorising it and thereafter crediting the employee towards expenses
  6. Creating a journal voucher towards share money receipt, authorising it and thereafter crediting the shareholder towards the amount
  7. Unblocking the account of a vendor/service provider/contractor who is blacklisted and thereafter making payment to the vendor/service provider/contractor
  8. Making a credit note favouring a vendor without any supporting reason and thereafter making payment to the vendor/service provider/contractor
  9. Removing the payment block of a specific vendor without any proper authorisation and thereafter making payment to the vendor/service provider/contractor
  10. Making a fixed asset acquisition payment voucher favouring a vendor and thereafter making payment to the vendor/service provider/contractor
  11. Amending the finance copy of a purchase order (in the finance ERP/software system) with a retrospective rate increase, without any authorisation, and thereafter making enhanced payment to the vendor/service provider/contractor
  12. Creating/editing payment terms in the vendor masters and thereafter releasing payment to the vendor much earlier than the due date
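
The conflicting-rights scenarios listed above can be checked mechanically against role assignments. The following is an added example, not part of the original post: it flags users whose combined roles grant every right in a scenario (here scenarios 1, 9 and 12) and names the roles involved. The role, object and user names are constructed, and modelling "releasing payment" as the create right on a `vendor_payment` object is an assumption.

```python
# Added illustration; role, object and user names are constructed, not from any real ERP.
ACTIONS = {"create", "edit", "view", "delete", "approve"}  # field-level rights from step 5
# Each rule is a set of (object, action) rights that one user must not hold together.
SOD_RULES = {
    "scenario 1: create + authorise purchase voucher + release payment": {
        ("purchase_voucher", "create"), ("purchase_voucher", "approve"), ("vendor_payment", "create")},
    "scenario 9: remove payment block + release payment": {
        ("vendor_payment_block", "edit"), ("vendor_payment", "create")},
    "scenario 12: edit vendor payment terms + release payment": {
        ("vendor_master", "edit"), ("vendor_payment", "create")},
}

ROLES = {  # constructed role catalogue; each role looks harmless on its own
    "AP_CLERK": {("purchase_voucher", "create"), ("vendor_master", "view")},
    "AP_APPROVER": {("purchase_voucher", "approve"), ("purchase_voucher", "view")},
    "PAYMENT_RUN": {("vendor_payment", "create"), ("vendor_payment", "view")},
    "VENDOR_MASTER_ADMIN": {("vendor_master", "edit"), ("vendor_payment_block", "edit")},
}

USERS = {  # constructed user-to-role assignments
    "asha": ["AP_CLERK"],
    "ravi": ["AP_APPROVER", "PAYMENT_RUN"],
    "meena": ["AP_CLERK", "AP_APPROVER", "PAYMENT_RUN"],
    "vikram": ["VENDOR_MASTER_ADMIN", "PAYMENT_RUN"],
}

def effective_rights(role_names, roles=ROLES):
    """Map each (object, action) right to the set of roles that grant it."""
    rights = {}
    for name in role_names:
        for right in roles[name]:
            if right[1] not in ACTIONS:
                raise ValueError(f"unknown action in role {name}: {right}")
            rights.setdefault(right, set()).add(name)
    return rights

def find_conflicts(users=USERS, roles=ROLES, rules=SOD_RULES):
    """Return {user: {rule: sorted roles that together grant the conflicting rights}}."""
    report = {}
    for user, role_names in users.items():
        rights = effective_rights(role_names, roles)
        for rule, needed in rules.items():
            if needed.issubset(rights):  # user holds every right named in the rule
                involved = set().union(*(rights[r] for r in needed))
                report.setdefault(user, {})[rule] = sorted(involved)
    return report

if __name__ == "__main__":
    print(find_conflicts())
```

Listing the contributing roles shows which single assignment to withdraw to break the conflict, since the violation comes from the combination rather than from any one role.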