The most common question in small nonprofit accounting is some version of this: how do you segregate duties when there is only one person to do everything?
The honest answer is that you cannot achieve full SoD with one accountant. The principle requires splitting authorization, custody, and recording across different people, and you cannot split those functions across one person. What you can do is build compensating controls that reduce risk to an acceptable level without requiring headcount you do not have.
This guide covers what compensating controls actually look like in a one-accountant environment, why email approvals alone are not sufficient, and the specific changes that provide the most protection for the least operational burden.
The Problem With Your Current Setup
If you are entering bills, printing checks, stamping signatures, mailing checks, and reconciling the bank statement, you hold all four SoD functions simultaneously:
Authorization: You approve transactions by initiating them without independent sign-off before action.
Custody: You handle the physical checks, stamp the signature, and mail them. Even if the stamp belongs to the CEO, physical control over the signed instrument is custody.
Recording: You enter transactions into QuickBooks.
Reconciliation: You verify your own work against the bank statement.
This is not a criticism of your trustworthiness. The point of SoD is not that you are likely to commit fraud. The point is that this structure creates an opportunity for error or fraud to go undetected, because the same person who makes a mistake or commits a fraud is also the person reconciling the accounts and verifying that everything looks right.
The risk is structural, not personal.
Why Email Approvals Are a Compensating Control, Not a Full Solution
Email approvals are a reasonable starting point. They are better than nothing. But they have specific weaknesses you should understand before relying on them.
Nothing structurally prevents you from acting without approval. The approval email is a voluntary process. In a genuine internal control, the system prevents the transaction from completing without the required approval. With email, you can print checks whether or not an approval email has arrived. The control depends entirely on you choosing to wait.
No structured audit trail. An inbox search is not a queryable record. During an audit, if you need to demonstrate that checks printed after approvals were received, you are reconstructing a timeline from email metadata rather than producing a system-generated log with timestamps.
Approvals can be ambiguous. An email that says "looks good" does not cryptographically bind the approver to the specific check run with the specific amounts on a specific date. The correspondence is easy to misread or misattribute.
Timing cannot be independently verified. If a check is printed at 10am and the approval email arrives at 11am, you can see the timestamps, but nothing in the system prevented the early action.
None of this means you should abandon email approvals. It means you should treat them as one layer of a compensating control framework, not as the control itself.
The Compensating Controls That Provide Real Protection
These are ordered by impact. Implement the highest-impact ones first.
Control 1: Director Receives Bank Statements Directly
This is the single most powerful compensating control for your situation and the one most frequently cited by auditors and nonprofit financial advisors.
Have the bank send statements directly to the director or a board member's email or address. They review every cleared check, the payees, the amounts, and the check images before you ever see the statement for reconciliation purposes.
Even if you entered a fictitious bill, printed a check, stamped it, and mailed it, the canceled check image will appear in the bank statement. An independent reviewer who sees every cleared check will catch an anomaly before it continues. This detective control catches problems after the fact, but it catches them quickly enough to be meaningful.
Implementing this: contact your bank and change the statement delivery to the director's email directly. Make sure this is a bank-level setting, not just a forwarded copy.
Control 2: Eliminate the Signature Stamp
The signature stamp is the highest-risk element of your current setup. Physical control over a signed check is physical control over the funds. The fact that the signature belongs to the CEO does not matter operationally if you are the one applying it.
Options for eliminating the stamp:
Option A: Print unsigned checks and mail them to the director for physical signature and mailing. This adds time but creates a genuine separation between initiation (you) and release (the director).
Option B: Switch to online bill pay or ACH through your bank, with the director as a required second approver in the banking portal. This is the most practical solution for a remote accountant and provides a system-level control rather than a voluntary one.
Option C: Implement Positive Pay with your bank. You transmit the list of checks you issued, and the bank rejects any check presented for payment that is not on your issued-check file. This does not separate duties but significantly reduces the fraud risk from altered or counterfeit checks.
Option B is generally recommended for remote setups. The director approves payments in the banking portal, which creates a structural requirement rather than a process that depends on compliance.
Control 3: Structured Pre-Check Approval with Documentation
Your proposed workflow of sending a check list to the director before printing is reasonable. Strengthening it:
Send a structured list before each check run that includes vendor name, invoice number, invoice date, invoice amount, and a link or attachment to the supporting document. The director must explicitly approve, not just stay silent. Save the approval email thread with timestamps.
Set a dollar threshold: invoices or payments above a certain amount require individual invoice review by the director rather than just appearing on the batch list.
Document the process in your accounting manual so it is a defined procedure, not an informal practice.
Control 4: Independent Reconciliation Review
If you prepare the bank reconciliation, someone else should review it. They do not need to prepare it, but they should receive the bank statement directly (covered above), review your completed reconciliation against that statement, and sign off.
The sequence matters: the reviewer should see the bank statement before you prepare the reconciliation, so they have seen the raw data independently. Then they review your reconciliation for completeness and accuracy.
At minimum: the director reviews the completed reconciliation monthly. Ideally: the bank statement goes to the director first, then to you for reconciliation.
Control 5: Director Approval for New Vendors
Since you can both create vendors and process payments to them, vendor setup is a specific SoD conflict. The same person who creates a vendor can create a fictitious one and pay them.
Implement a process where you email the director with the vendor name, contact information, and reason for adding before any new vendor is created in QuickBooks. The director's approval is required before the vendor appears in the system.
Quarterly, have the director or a board member review the vendor list for anything that looks unusual: duplicate names, addresses that match employee addresses, or vendors with no transaction history.
Control 6: QuickBooks Built-In Controls
QuickBooks has audit trail functionality that logs every transaction change with the user, timestamp, and the before/after values. Verify this is enabled (it is on by default in QB Online; check preferences in QB Desktop).
Set a closing date password so that prior-period entries require director authorization to modify. Attach invoice PDFs to every bill in QuickBooks to create an auditable link between the bill and the payment.
The Recommended Workflow With These Controls in Place
The practical daily and monthly flow:
You enter bills as received. Before each check run, you send the director a structured list with supporting documents attached. The director approves explicitly. You print unsigned checks (or initiate ACH with the director as the required second approver). If using physical checks, the director signs and mails them. The bank statement goes directly to the director's email monthly. The director reviews cleared checks before you receive the statement. You prepare the reconciliation. The director reviews and approves it. Quarterly, the director reviews the vendor list.
This is not perfect SoD. But it creates genuine independent oversight at the two highest-risk points: payment release and account reconciliation. The director is no longer a rubber stamp who sees paperwork after the fact. They are a required participant in the payment cycle.
From Manual Controls to System Enforcement
The practical limitation of everything described above is that it depends on consistent human behavior. The director must remember to check the bank statement. You must remember to send the check list before printing. The approval email must arrive before the check run happens.
For organizations that have grown beyond the manual control stage, the value of system-level SoD enforcement is that it converts voluntary processes into structural requirements. In a governed access management system, the action cannot occur until the system registers the required approval. The check run does not proceed without the approval recorded in the system, regardless of whether anyone remembered to send an email.
Zluri's SoD module applies this same logic to the identity and access layer of enterprise applications. For financial systems (QuickBooks, NetSuite, SAP, and others), Zluri monitors for conflicting permission combinations in real time: the same user holding vendor creation and payment approval rights, or payroll modification and payroll execution access. When a conflict is detected, the policy owner is alerted immediately rather than at the next quarterly review.
The shift from email approvals to system-enforced controls is the difference between a policy that is supposed to be followed and a control that structurally cannot be bypassed. For organizations at the size where that investment makes sense, it closes the gap between your accounting manual and your actual control environment.
The Bottom Line
In a two-person organization, full SoD is not achievable. Compensating controls are the realistic alternative. The highest-impact changes in order:
Eliminate the signature stamp and replace it with director-approved ACH or unsigned checks that the director signs and mails. This is the single change that most directly reduces your risk.
Have the bank statement delivered directly to the director. This is your most powerful detective control.
Strengthen email approvals with structure, documentation, and dollar thresholds so they produce an auditable record rather than an informal trail.
Get an independent review of your reconciliations, even if you prepare them.
Require director approval for new vendor setup.
Document all of this in your accounting manual. A control that exists only as an informal practice is not a control that will survive an audit.
















