Segregation of Duties in a Small Government: What Really Matters (and What to Do When You’re Short-Staffed)

If you work in a small city, village, school district, or county, you’ve probably heard this phrase more times than you can count:

“You need better segregation of duties.”

Easy to say. Much harder to implement when one person is responsible for most—or all—of the accounting work.

The good news?

Segregation of duties is about reducing risk, not achieving perfection. Even small governments with limited staff can build strong controls when they understand what truly needs to be separated and how to layer compensating controls when separation isn’t possible.

This post breaks it down in plain language—for both finance staff and CPAs advising small governments.

What Is Segregation of Duties (and Why It Matters)?

Segregation of duties means no single person should control all parts of a financial transaction from start to finish.

The goal is to reduce:

• Errors going unnoticed

• Fraud going undetected

• Over-reliance on one individual

In government, this matters even more because you’re handling public funds and are accountable to taxpayers, boards, and oversight bodies.

The Core Functions That Should Be Separated

At a high level, segregation of duties focuses on separating four key functions:

1. Authorization – Approving transactions

2. Custody – Having access to cash or assets

3. Recording – Entering transactions into the accounting system

4. Reconciliation/Review – Verifying transactions and balances

Ideally, no one person should handle more than one of these for the same transaction.

Key Areas Where Segregation of Duties Matters Most

1. Cash Receipts

Best practice:

• One person opens mail or receives payments

• A different person records receipts

• Another person reconciles the bank account

Common risk in small governments:

• One person receives checks, records deposits, and does the bank reconciliation

Why it matters:

• Cash is the most susceptible to misappropriation

• Errors or missing deposits may never be detected

2. Disbursements (Accounts Payable)

Best practice:

• One person enters invoices

• Someone else approves payments

• A separate person signs checks or releases ACH payments

Common risk:

• The same person enters invoices, prints checks, and signs them

Why it matters:

• Creates opportunity for unauthorized or duplicate payments

3. Payroll

Best practice:

• One person prepares payroll

• Another reviews payroll reports before processing

• Someone independent reviews payroll changes (new hires, rate changes)

Common risk:

• One person sets up employees, processes payroll, and posts entries

Why it matters:

• Payroll errors and ghost employees can go undetected

4. Bank Reconciliations

Best practice:

• Performed by someone who does not handle cash or disbursements

Common risk:

• The bookkeeper who processes everything also reconciles the bank

Why it matters:

• Reconciliations are often the only detective control catching errors or fraud

What If One Bookkeeper Does Almost Everything?

This is reality for many small governments, and auditors know it.

When duties can’t be fully separated, the focus shifts to compensating controls.

These don’t eliminate risk, but they significantly reduce it.

Effective Compensating Controls for Small Governments

1. Independent Review by Management or the Board

Even if leadership isn’t “accounting-minded,” review still matters.

Examples:

• Monthly review of bank statements and reconciliations

• Review of check registers before or after payment

• Review of budget-to-actual reports with follow-up questions

The key is documented review, not just a quick glance.

2. Dual Signatures or Payment Approval

• Require two signatures on checks over a threshold

• Use ACH approval workflows where one person initiates and another approves

This adds a second set of eyes before money leaves the entity.

3. Restricted System Access

Limit what a single user can do in the accounting system:

• Separate “enter” and “approve” permissions where possible

• Restrict the ability to create vendors and issue payments

• Periodically review user access rights

Even small system tweaks can reduce risk.

4. Board-Level Transparency

Provide the governing board with:

• Detailed financial reports

• Check registers

• Budget variance explanations

Visibility alone is a deterrent.

5. Periodic Spot Checks

Management or another employee can:

• Randomly select transactions and trace them to support

• Review vendor changes

• Compare cleared checks to approved invoices

Unpredictability with these checks matters.

What Auditors Are Really Looking For

For CPAs advising clients:
Auditors aren’t expecting small governments to operate like large ones.

They’re asking:

• Do you understand where the risks are?

• Are there controls in place to mitigate them?

• Is there evidence those controls are actually happening?

A documented review by a superintendent, administrator, or board member often makes a meaningful difference.

Strong Controls Are About Intentional Design

Segregation of duties in a small government isn’t about checking every box.
It’s about designing a system that makes errors and fraud harder—and easier to detect.

Even with:

• One bookkeeper

• Limited staff

• Tight budgets

You can still build a control environment that is reasonable, defensible, and effective.

For governments: focus on transparency and review.
For CPAs: help clients design controls that actually fit their size and structure.

Good controls don’t require more people.
They require more intention.