Professional Documents
Culture Documents
objectives regardless of the data processing method used. The control techniques used
to achieve these objectives will, however, vary with different types of technology.
Collusion. Two or more people who are intended by a system of control to keep
watch over each other could instead collude to circumvent the system.
mistake, perhaps forgetting to use a control step. Or, the person does not
instructions associated with the system. This may be caused by the assignment
authority to do so could override any aspect of a control system for his personal
advantage.
Missing segregation of duties. A control system might have been designed with
an insufficient segregation of duties, so that one person can interfere with its
proper operation.
transactions
PREVENTIVE CONTROLS. Prevention is the first line of defense in the control structure.
Preventive controls are passive techniques designed to reduce the frequency of occurrence of
undesirable events. Preventive controls force compliance with prescribed or desired actions
and thus screen out aberrant events. These controls prevent losses from occurring.
DETECTIVE CONTROLS. Detective controls form the second line of defense. These are
devices, techniques, and procedures designed to identify and expose undesirable events that
elude preventive controls. Detective controls reveal specific types of errors by comparing
CORRECTIVE CONTROLS. Corrective controls are actions taken to reverse the effects of
errors detected in the previous step. There is an important distinction between detective
controls and corrective controls. Detective controls identify anomalies and draw attention to
them; corrective controls actually fix the problem. For any detected error, however, there
may be more than one feasible corrective action, but the best course of action may not
always be obvious. restore the system or process back to the state prior to a harmful
event.