Response Post: Segregation of Duties

The control environment of the audit client is incredibly important to understand, as the control environment may be viewed as the foundation for the other internal control components; it is defined by the standards, processes, and structures that guide individuals in carrying out their duties. This general idea includes various aspects of maintaining independence, such as having a commitment to integrity and ethical values, having a board of directors that demonstrates independence from management and exercises effective oversight of internal control, establishment of effective structure, and more.

There are various limitations to internal controls, however, as we are all human. For example, mistakes may be made in the performance of controls as a result of a misunderstanding of instructions, mistakes of judgment, carelessness, distraction, or fatigue. Errors in judgment also may occur in designing, maintaining, or monitoring controls.

Segregation of Duties is another crucial aspect of audit work. It is the general idea that, to avoid fraud and error, critical duties should be segregated among many individuals. For example, in an IT environment, no one individual should perform more than one of the functions of authorizing transactions, recording transactions, and maintaining custody over assets. Otherwise risk is significantly increased.

Finally, using IT and audit software in an audit can primarily benefit clients and auditors by significantly reducing the threat of audit error. A proper audit software can mainstream huge parts of the audit, such as identify and record all valid transactions, describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting, and measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.