Subscribe
About

Separation of duties is essential in South African businesses

Implementing a BPM system means that segregation of duties is built in and there's oversight of all functions, helping to reduce the risk of errors.
Denis Bensch, chief information officer, FlowCentric Technologies.
Denis Bensch, chief information officer, FlowCentric Technologies.

Dismal financial management and control appear to have become par for the course in the South African public sector. The Auditor-General’s latest municipal audit results for the 2017-18 financial year seem to support this opinion. And, it would appear that the country’s private sector is also not immune to the scourge of fraud and corruption.

In light of this, Denis Bensch, CIO of FlowCentric Technologies, maintains that the only way organisations in both the public and private sectors will be able to combat fraud and corruption is to focus more on prevention of the crime.

“It’s important to make it as difficult as possible for fraud to be perpetrated in the first place," he says. "One way to do this is to have the correct processes and controls in place. One of these, which seldom receives the attention it deserves, is the separation of duties.” 

Segregation of duties is one of the key concepts involved in the implementation of overall internal control within an organisation. It requires the separation of functions with, for example, one employee having custody of an asset; a second being able to authorise the use of that asset; and a third to keep the record of assets. 

It also requires the separation of various parts of what some may regard as a single task into different duties to be handled by different employees: placing an order with a supplier; receiving the order into stock; and paying the supplier.

Although individual employees may be able to see the steps before or after their task, they cannot change information that has already been captured in the system.

“Because it requires at least two people to collude in order to hide a fraudulent transaction, segregation of duties can help to prevent fraud or theft. However, it also means that there will be oversight and review of all functions, thus helping to reduce the risk of errors,” Bensch explains.

As the American Institute of CPAs points out, segregation of duties is “a basic building block of sustainable risk management and internal controls for a business. The principle … is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. Without this separation in key processes, fraud or error risks are far less manageable.”

Fraud in SA

In his June 2019 report, Auditor-General Kimi Makwetu lamented that the financial situation in municipalities throughout SA was deteriorating, with only 18 municipalities managing to receive a clean audit, compared to 33 municipalities in the previous year.

“Not only did the unqualified opinions on the financial statements decrease from 61% to only 51%, but the quality of the financial statements provided to us for auditing was even worse than in the previous year,” Makwetu said.

In the private sector, things are not much better. “White collar crime” or “economic crime” is also starting to reach alarming proportions. This doesn’t only encompass spectacular, well-publicised events such as the Steinhoff collapse (the result, presumably, of corporate manipulation and fraud on a massive scale), but also to smaller, often covered-up events across businesses of all sizes and from all sectors of the economy.

The South African edition of PwC’s 2018 Global Economic Crime and Fraud Survey found that a “staggering” 77% of South African organisations have experienced economic crime. Nearly half of all frauds suffered by South African companies were perpetrated by people inside their organisations, and over two-thirds of the South African respondents said losses due directly to their most disruptive fraud could reach US$1 million in the year ahead.

The cost of economic crime for business usually goes way beyond the actual amount lost in the crime. Nearly 20% of organisations have had to spend between twice and 10 times as much on investigations as the amount lost in the first place. In addition, CEOs and the board of directors are increasingly being held accountable for white collar crime within their organisations.

Of great concern is the fact that the high level of internal crime far exceeds that attributable to external factors such as cybercrime (29%) and consumer-perpetrated economic crime (42%).

The most common type of economic crime/fraud experienced in SA is what PwC defines as asset misappropriation (49%), followed by procurement fraud (39%). Also featuring high in the mix are HR fraud (23%) and accounting fraud (22%).

“Reducing the risk of these types of crime occurring, or even their prevention, can be achieved by instituting watertight internal controls,” Bensch notes. “With the right controls in place, even the 20% of internal fraud that was allegedly committed by senior management, according to the PwC survey, could be prevented or considerably curtailed.”

So, for example, segregation of duties could require different individuals to be responsible for the hiring of staff and the setting of compensation, thus helping to reduce the common practice of hiring cronies at inappropriate salaries, or even the hiring and payment of “ghost” employees.

“By adding additional upstream supervision to a function, it means attempts at corruption can be picked up and prevented. This supervision could also pick up incidents of human error. What’s required, therefore, is the implementation of a business process management (BPM) system with appropriate business rules and workflows that ensure segregation of duties is strictly maintained, while simultaneously not impeding and slowing down the entire process unnecessarily,” Bensch says.

Bensch concludes: “What can really help in this situation is the implementation of a BPM system. All good BPM systems work on the allocation of work or tasks to roles. This means that segregation of duties is built in. Additionally, it provides detailed auditing of who did what and when, and speeds up the process. All these things are in great demand in SA.“

Share