An important topic within internal controls is the segregation of duties, which says that one person should not have excessive control within the company. This could potentially lead to fraud. Furthermore, if they make an error, there would be no one to catch their mistake.

We divide the segregation of duties into three different categories:
• Authorization
• Recording
• Custody

First, let’s discuss custody. The custody function revolves around who has physical access. For example, regarding a check that we receive, who holds that check and has the authority to deposit it? The person with custody is the one who has physical access to that check.

The second function is the recording function. Recording involves who is entering the information into the accounting system. Who is making the actual journal entries? The person with the recording function mustn’t have the custody function. If they’re recording a check into the software, they should not also have physical access to deposit the check.

Imagine if an employee had both the recording function and the custody function and decided to commit fraud. They could falsely record in the accounting system that the customer never paid us, write off the accounts receivable balance, and then take the check and deposit it into their personal account. They could easily commit fraud and then cover it up.

The third function of the segregation of duties is authorization. Authorization involves who is allowed to approve transactions. For instance, whenever a customer is requesting to return something they purchased, who has the authority to approve that transaction? If someone had both the authorization and the custody function, they could create a fake return that doesn’t exist. Then, the company would need to refund money to that fictitious customer. The employee could then deposit that check into their personal account.