Segregation of Duties

Segregation of duties (SoD) is an internal control principle that divides critical financial functions among multiple individuals to prevent fraud, errors, and unauthorized transactions — ensuring that no single person controls all phases of a financial process from initiation through recording to reconciliation. In accounts payable, SoD dictates that the person who creates a vendor record should not be the same person who approves invoices, initiates payments, or reconciles bank statements. Similarly, in accounts receivable, the person applying cash receipts should be separate from the person issuing credits or write-offs. The Association of Certified Fraud Examiners (ACFE) reports that organizations with proper SoD controls experience fraud losses 50% lower than those without — with median occupational fraud losses reduced from $150,000 to $75,000 per incident. For small businesses with limited staff, achieving full SoD can be challenging, but compensating controls — such as management review of bank reconciliations, dual authorization for payments above threshold amounts (commonly $5,000–$10,000), and automated workflow approvals — provide meaningful risk mitigation. Quadient AP automation enforces SoD by design through configurable role-based access controls, multi-level approval matrices tied to invoice amounts and GL coding, and system-enforced separation between vendor master data management, invoice approval, and payment execution. Audit firms evaluating SOC 1 and SOC 2 controls consistently identify SoD weaknesses as the most common deficiency in mid-market companies, and financial statement auditors under SAS 99 are required to assess SoD as part of their fraud risk evaluation procedures.