A fundamental component of internal control is the separation of duties for high-risk transactions. The underlying separation of duties concept is that no individual should be able to execute a high-risk transaction, conceal errors, or commit fraud in the normal course of their duties.
You can apply separation of duties at either a transactional or an organizational level. For example, payroll has access to employee financial records, but only payroll managers can approve raises.
Answer the following question(s):
- How do you define a high-risk transaction?
- If you were a security professional in a company, what are four roles (two sets of two related roles) you would separate and why? Provide examples not mentioned in the description for this discussion.
Fully address the questions in this discussion; provide valid rationale for your choices, where applicable; and respond to at least two other students’ views.
Geethanjali Gaddam Week 4 Discussion
A high-risk transaction can be defined as when areas where an organization collects its revenue are susceptible to attacks from both internal and external sources, with valuable items getting stolen in the end, and is a term used in internal control that an organization uses to measure the efficiencies and effectiveness of being compliant with regulations and laws, and financial reporting (Akhmetshin et al., 2018). This leads to instances which are termed as fraud. Vendor fraud, valuable and cash items, banking transactions, and payroll fraud are the areas that are more than likely for fraud to happen. One of the major signs of fraud happening in an organization is when an employee provides financial documents late. This might be due to the employee coming up with false figures in order to account for some missing figures in the financial records. Another instance that might point to financial fraud is when a staff member seems to be living beyond his or her own means. This could mean that the staff member may be using the organization’s funds illegally to pay for personal items or lifestyle. This may be due to the staff exploiting a vulnerability in the organization’s financial system such as the payroll or banking systems that provides that particular staff with an unmeasurable supply of cash or valuable items without being detected by the system. High-risk transactions need to be approved by an organization’s top-level committee (board members) or the chief executive officer (CEO) since it might result in untold losses to the organization if not properly executed. High-risk transactions should also not be executed by a single individual in an organization since that may make the organization face the risk of financial fraud perpetrated by the single individual or errors coming from the individual’s inefficiencies or miscalculations.
A lot of organizations suffer from financial fraud due to one or two individuals having been tasked with handling financial documents. This may lead to these individuals having to take advantage of a vulnerability, loophole, or exploit in the system and commit financial fraud. As a security professional, I would separate four roles that are related to the financial department, and further separate them into 2 sets of related roles (Kamaruddin & Ramli, 2017). The first set of roles that I would separate is that an individual who receives money through post in a post office in the organization would be different to the person who opens the post. This will help in avoiding instances whereby an individual is tasked with receiving and opening of posts in the company. The individual might open some posts containing money and may record a false figure in order to compensate for the missing money. However, by having two individuals working as the receiver and opener of posts each, chances of this type of fraud are very hard to occur since the two individuals will have to account for any missing money, post, or financial record when one of the two individuals already recorded to have received or opened the post. The second set of roles I would separate is the financial department and the internal audit. This is because the financial department may have committed financial fraud and if the two departments had the same person as the head of the departments, might collude to cook up figures in order to account for missing data. This will ultimately result in the financial fraud remaining undetected and the company experiencing financial loss. However, by separating the two departments, it is very hard for the financial department employees to influence the auditing process, thereby resulting in efficient auditing by the internal audit department.
Mark DeVita Week 4 Discussion
I would define high-risk transactions as any transaction or privileged allowances that could subject the company to great loss either financial, reputation, or even risk to human safety. First, regarding financial risk, I would establish a workflow (Wortman, 2017) where, through an implementation of control software, a second set of electronic workflow-based approvals can be established. I would first target an implementation of this around the signing of purchase orders, where one role is a purchase order requestor, and the next role is a purchase order approver. This would prevent fraudulent situations around procurement of hardware, or software for personal use, without checks and balances. This workflow-based approach can be used for any financial transactions over a certain dollar amount. Second, regarding the human safety risk, if we worked for a manufacturing company for example, I would establish a workflow around the physical security of a manufacturing plant, where one role would be machine operator, that programs the assembly robots to do certain tasks. The second role would be machine manager, who would approve a workflow before the commands are executed to the assembly line, protecting the workers from potential harm. The manager role would be a person versed in the safety aspects of the assembly line and would know which sequence the robots must work in to protect the assembly line and the workers from harm. He or she would serve a quality control function to ensure no mistakes were made in the programming of the robots before the commands are sent to the assembly line.