Job rotations and vacations as internal controls
Job rotations and vacations continue to be effective internal controls. A September 30, 2020 article in the Scotsman newspaper (the Article) was a recent reminder of this fact. The article explains that embezzlements, which had gone on for more than eight years, began to unravel and were ultimately discovered after the embezzler’s manager announced plans to rotate staff to give them broader experiences.
Job rotations have many advantages, one of which, as the article demonstrates, is acting as a catalyst for uncovering misdeeds. But there are other advantages. Job rotations facilitate the training of a backup person to provide coverage for the planned or unplanned absence of the person with the primary responsibility for a role. The availability of backup coverage also facilitates other internal controls, including appropriate segregation of duties, because there are more options for allocating responsibilities.
As the manager in the article identified, job rotations can broaden other team-members’ experiences. Job rotations can expose team-members to roles and responsibilities periodically if the organization cannot accommodate a promotion or permanent reassignment into a position that matches the individual’s interest or skill set. A job rotation used in this manner is a helpful retention tool, because an employee may be more satisfied with intermittent exposure to a position, compared to leaving the organization to gain this exposure.
Job rotation is also a way of introducing a diversity of experiences and procedures into a role, albeit again, intermittently.
Job rotations and vacations share similar purposes. Many frauds, embezzlements, and other breaches of internal processes and internal controls come to light after the person with primary responsibility for a role goes on vacation, and someone else does that person’s job. The backup may then unearth fudged reconciliations, teeming and lading (for instance, applying one customer’s payments to another’s to cover shortfalls arising from embezzlement) and other practices used to conceal frauds and errors.
By the same token, it is a red flag when an employee refuses to take a vacation, at all, or for any extended period. Employees who are concealing misdeeds are usually reluctant to hand over their tasks and responsibilities to someone else.
Consequently, many organizations that recognize the value of vacations as an internal control, have vacation policies making it mandatory for employees to take at least one break lasting between one and two weeks, at minimum, every year.
Other organizations may define the mandatory vacation periods by reference to procedures. They may require, for instance, that at least one vacation per year results in the employee’s missing a month-end close. This means that someone else will get the opportunity to develop skills in critical month-end processes and at the same time, a chance to uncover breaches of internal controls that would otherwise remain concealed.
Mandatory vacation policies apply depending on the risks associated with a particular role. They are common in financial institutions and roles dealing with cash, payroll and other high-risk areas.
The vacation policies and practices of the more evolved organizations recognize the wellness benefits associated with extended time away from work. Employees who take their vacations and unplug, typically report higher levels of job satisfaction, engagement, creativity and other positive outcomes.
Admittedly, COVID-19 and the associated travel restrictions have disrupted many plans for job rotations and vacations. Even absent travel restrictions, this is a disruptive and uncertain time that has upended vacation plans, both from the perspective of employees and employers.
However, to the extent possible, and with due regard to the laws governing vacation leaves, employers should continue to encourage vacations during this period, given the benefits of doing so. If that is not possible, then employers should consider mitigating controls, for instance, increased reviews and supervision and job rotations. Job rotations may be possible notwithstanding remote work and other changes in the way businesses must operate during a pandemic.
Policies and procedures are essential, but the work required to create and maintain them can seem daunting. Finance and Accounting PolicyPro, Not-for-Profit PolicyPro, and Information Technology PolicyPro, co-marketed by First Reference and Chartered Professional Accountants Canada (CPA Canada) contain sample policies, procedures, checklists and other tools, plus authoritative commentary to save you time and effort in establishing and updating your internal controls and policies. Not a subscriber? Request free 30–day trials of Finance and Accounting PolicyPro here, Not-for-Profit PolicyPro here, and Information Technology PolicyPro here.