Objective:
To manage the risk associated with hospital purchasing processes by establishing appropriate segregation of duties and delegation of authority
Definition
Effective internal control in an organization includes both the segregation of duties and delegation of authority across functions and individuals. Within the organizational supply chain function, segregation of duties prevents any one person from controlling the entire purchasing process by segregating the approvals for the key stages of the supply chain process, such as requisitions, commitments and payments.
An organization’s delegation of authority defines approval levels corresponding to job roles within the organization’s hierarchical structure and ensures that every individual’s approval authority is commensurate with the responsibility level for each job.
Rationale
Segregation of duties and delegation of authority are essential controls within the plan-to-pay process. Together, they ensure integrity of the process by reducing exposure to inappropriate, unauthorized or unlawful expenditures.
Benefits
Financial Stewardship
A standardized purchasing approval process provides the necessary financial controls to ensure expenditures are appropriate and authorized.
Risk Management
Segregation of duties and delegation of authority minimize risk to an organization of unauthorized and inappropriate spending.
Related Metrics
3.6 Percentage of Invoices with Purchase Orders
3.7 Percentage of Invoice Matches
Guiding Principles
Roles and responsibilities for authorizing purchases must be clearly assigned and delineated. The board of directors/executive committee should formally delegate approval authority to the appropriate employees throughout the organization and ensure that adequate segregation of duties exists for all purchasing activities. Assigned authority levels should be commensurate with the responsibility level of each job and the level of risk to the organization.
Procedures should be in place to ensure that authority levels are kept current and reflect any changes in organizational structure, functional alignment and roles.
Key Components
Segregation of Duties
There are typically five supply chain functions that require approval:
| Function | Explanation | Who |
|---|---|---|
| Requisition | Authorize the supply chain department to place an order | Customer requesting the product or service |
| Budget | Authorize that funding is available to cover the cost of the order | Departmental budget holder |
| Commitment | Authorize release of the order to the supplier and commitment to agreed contract terms | Purchasing role in the supply chain department |
| Receipt | Authorize that the order was received and was correct and complete | Individual receiving the goods |
| Payment | Authorize release of payment to the supplier | Accounts payable role within the finance team |
It is considered leading practice to segregate at least three of these functions: commitment, receipt and payment. Responsibilities for these functions should lie with different departments or at a minimum by different individuals. Where an individual making a requisition also has responsibility for the budget, the receipt should be the responsibility of someone in a separate part of the organization.
Delegation of Authority
Proper delegation of authority should be in place to support the organization’s supply chain management objectives. Dollar value levels for authorization of each of the above functional areas by job role should be established by the organization. For instance, the senior supply chain executive normally has a high level of authority to commit the organization to purchases. To maintain adequate control, however, it is considered good practice to ensure that the signature of a co-approver is
required for transactions over certain thresholds.
Even when individuals are assigned a high level of authority, the segregation of duties should ensure that no one individual can have complete and unlimited authority over an entire transaction life cycle.
Commitment
Commitment is a critical authority as it binds the organization to pay the supplier providing the goods or services according to the agreed terms. Whereas payment authority is generally assigned to one area — the finance department — commitment authority may be assigned to individuals in many different areas. Across an organization, commitment levels should be documented and agreed to according to job function and responsibilities.
Commitment levels would normally be organized into two distinct types.
- Purchase expenses covering goods and services. Commitment levels for these types of expenses are often divided into capital and non-capital expenditures.
- Departmental expenses covering travel, accommodation and sundries.
Commitment documents such as purchase orders or supply contracts must be signed and approved by employees with delegated financial authority sufficient to cover the total transaction cost.
Some organizations will establish distinct commitment levels for goods versus services, reflecting the fact that ensuring proper receipt of services is more complex than physical goods. Authority for departmental expenses is often delegated to multiple employees, with commitment levels varying according to job function and role.
Method of Authorization
Effective organizations establish a specific authorization process for purchases. For example, a buyer with adequate authority would be required to sign the face of the purchase order to confirm commitment and provide authorization to the supplier. Similarly, an individual with commitment authority in the supply chain department would be required to sign a supplier contract to authorize the commitment. The methods adopted should be outlined in the purchasing policies and procedures and also communicated to suppliers.
Exceptions should be documented and included in the purchasing policies and procedures. Organizations will likely have provisions for emergency situations and low dollar value policies. For instance, financial authority is not required for payment of individual purchases made via blanket orders, provided the blanket order itself has been approved.
Implementation Challenges
Challenges:
- Supply chain staff should revisit current authority and approvals to ensure consistency with standard and put procedures in place to ensure compliance. The standard should not create complex processes so as to encourage “work around” and non-compliance. The process should be created with the intent of creating minimal extra work.
- Appropriate communication is required organization-wide on authority and approval limits to ensure staff understands policies and procedures, implications and penalties for non-compliance, and that the policy is also for their protection.
