What is Segregation of Duties?
Segregation of duties (SoD) is an internal control principle that divides critical tasks among different people so that no single individual can both execute and conceal a fraudulent act. The four core areas to separate are authorisation, custody of assets, recording, and reconciliation.
How It Works
- Identify high-risk processes such as cash disbursement, payroll, and inventory.
- Map each step in the process and assign it to a specific role.
- Ensure no single person controls two or more incompatible functions (for example, approving and recording a payment).
- Where staff is limited, introduce compensating controls such as supervisor reviews and system audit trails.
Saudi Context
SOCPA-aligned auditors test segregation of duties as part of every Saudi statutory audit. ZATCA inspections of large taxpayers also examine SoD around VAT collection and payment workflows, and the Capital Market Authority requires listed companies to document SoD in their internal control reports.
Example
In a Saudi SME, the accountant prepares supplier payments, the finance manager approves them, and the owner signs the bank transfer. Bank reconciliations are done by a separate accountant who has no payment authority, so no single person can issue and conceal an unauthorised disbursement.
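The mapping and conflict check from "How It Works", applied to the SME example above, can be sketched as follows. This is an added example, not part of the original page; the role names, the assignment of each step to one of the four areas, and the rule that any two of the four areas are incompatible for the same person are assumptions made for illustration.

```python
from itertools import combinations

# The four areas the page says to separate.
FUNCTIONS = ("authorisation", "custody", "recording", "reconciliation")

def sod_conflicts(assignments, compensating=None):
    """Return one finding per pair of functions held by the same person.

    assignments:  iterable of (person, process, function) tuples.
    compensating: {(person, process): description} of compensating controls.
    Assumption: any two of the four functions are incompatible.
    """
    compensating = compensating or {}
    held = {}
    for person, process, function in assignments:
        if function not in FUNCTIONS:
            raise ValueError(f"unknown function: {function}")
        held.setdefault((person, process), set()).add(function)
    findings = []
    for (person, process), funcs in sorted(held.items()):
        for pair in combinations(sorted(funcs), 2):
            findings.append({
                "person": person,
                "process": process,
                "pair": pair,
                "compensating_control": compensating.get((person, process)),
            })
    return findings

def unresolved(findings):
    """Conflicts that have no compensating control recorded against them."""
    return [f for f in findings if f["compensating_control"] is None]

# Constructed sample modelled on the SME example (hypothetical role names).
SME = [
    ("accountant_a", "supplier_payment", "recording"),         # prepares payment
    ("finance_manager", "supplier_payment", "authorisation"),  # approves
    ("owner", "supplier_payment", "custody"),                  # signs transfer
    ("accountant_b", "supplier_payment", "reconciliation"),    # reconciles bank
]
# Constructed variant: limited staff, the preparer also reconciles.
SMALL_TEAM = SME[:3] + [("accountant_a", "supplier_payment", "reconciliation")]
CONTROLS = {("accountant_a", "supplier_payment"): "supervisor review of reconciliations"}

if __name__ == "__main__":
    print("SME conflicts:", sod_conflicts(SME))
    for finding in sod_conflicts(SMALL_TEAM, CONTROLS):
        print("Small team:", finding)
```

Feeding the same function an export of role assignments from an ERP or identity system gives a repeatable SoD test; conflicts that remain in `unresolved` are the ones with no documented compensating control.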