​​​​​​​

 Segregation of duties are applied


Summary

Segregation of duties (also known as separation of duties) is the concept of having more than one person required to complete a task. Effective segregation of duties is achieved by disseminating tasks and associated privileges for a specific business process among multiple users.

Segregation of duties is very important in areas such as payroll, finance, procurement and contract management, and human resources.

Strong segregation of duties controls are enforced by systems.

Examples

Some examples of this type of countermeasure include:

  • A staff member who can create and maintain vendor records cannot also process invoices.
  • The same staff member cannot make, acquit and reconcile credit card payments.
  • Multiple staff are required to be involved in approving and processing grant payments.
  • One staff member orders assets from suppliers and another staff member confirms the delivery of the assets in the accounting system.
  • One staff member records the payroll information in the system and another staff member verifies the calculation.

Purpose of this countermeasure

Staff or contractors can abuse their position of trust to process fraudulent requests or claims for themselves or another person. Staff or contractors can also be coerced to process fraudulent requests or claims for another person or entity, e.g. pressured to pay a fraudulent invoice.

Staff or contractors can also abuse their position of trust to access and disclose official information without authority.

Acting dishonestly or influencing a Commonwealth public official to commit fraud are offences under the Criminal Code Act 1995.

Allowing a single individual to complete multiple functions that should be segregated can lead to:

  • fraudulent payments
  • unauthorised access, manipulation or disclosure of information
  • poor management of decision-making and risk.

For example, allowing a staff member to create a vendor, record an invoice, pay the invoice, and reconcile the payment can lead to the creation of fake vendors and fraudulent payments.

Fraudsters can also take advantage of unsegregated duties to conceal their activities.

Dependencies

This type of control is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Consult staff or subject matter experts about segregation of duties processes. Confirm they have a correct understanding of their purpose.
  • Confirm the existence of segregation of duties within the system.
  • Review procedures or guidance to confirm they clearly specify where segregation of duties should apply.
  • Obtain and review requirements for how duties should be segregated.
  • Review processes for requesting user permissions. Confirm the request processes would identify conflicts in segregation of duties. Actively test processes if required.
  • Confirm request and approvals processes are consistently applied.
  • Confirm that someone cannot override or bypass segregation of duties, even when pressure or coercion is applied.
  • Undertake quantitative and qualitative analysis of user permissions to confirm if a single individual can complete multiple functions that should be segregated.
  • Review a sample of completed requests/claims to confirm that segregation of duties was applied on all occasions.
  • Undertake vulnerability testing or a process walk-through to confirm that segregation of duties is enforced.
  • Confirm the existence of a review and reconciliation process. Review the reports.
  • Review any past access breaches to identify how they were allowed to occur.
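
One way to carry out the user-permission analysis and the review of completed requests listed above, as an added example that is not part of the original guidance. The role, permission, user and step names, and the per-rule limits, are assumptions modelled on the examples earlier on this page.

```python
# Added example; every role, permission and user name below is constructed.
ROLE_PERMS = {
    "vendor_admin": {"vendor.maintain"},
    "ap_clerk": {"invoice.process"},
    "card_holder": {"card.pay", "card.acquit"},
    "card_reconciler": {"card.reconcile"},
}
USER_ROLES = {
    "alice": {"vendor_admin"},
    "bob": {"vendor_admin", "ap_clerk"},  # picked up a second role over time
    "carol": {"card_holder", "card_reconciler"},
}
# Rule -> (functions to segregate, most of them one person may hold). Assumed limits.
SOD_RULES = {
    "vendor/invoice": ({"vendor.maintain", "invoice.process"}, 1),
    "credit card cycle": ({"card.pay", "card.acquit", "card.reconcile"}, 2),
}

def effective_permissions(user):
    """Union of the permissions granted by every role the user holds."""
    return set().union(*(ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, ())))

def permission_conflicts():
    """Return (user, rule, held functions) for every rule a user breaches."""
    findings = []
    for user in sorted(USER_ROLES):
        perms = effective_permissions(user)
        for rule, (functions, limit) in SOD_RULES.items():
            held = perms & functions
            if len(held) > limit:
                findings.append((user, rule, sorted(held)))
    return findings

# Constructed processing log: (transaction id, step, actor).
TX_LOG = [
    ("INV-1", "record", "alice"), ("INV-1", "approve", "bob"),
    ("INV-2", "record", "bob"), ("INV-2", "approve", "bob"),
]

def same_actor_transactions(log, steps=("record", "approve")):
    """Transactions in which one person performed every step that should be split."""
    actors = {}
    for tx, step, actor in log:
        if step in steps:
            actors.setdefault(tx, {}).setdefault(step, set()).add(actor)
    return sorted(tx for tx, by_step in actors.items()
                  if len(by_step) == len(steps) and set.intersection(*by_step.values()))

if __name__ == "__main__":
    print(permission_conflicts(), same_actor_transactions(TX_LOG))
```

Resolving permissions through roles matters because conflicts usually arise from role accumulation rather than from a single grant, and the log check catches cases where the permissions look segregated but one person still completed every step.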
