METHODS OF DATA PROCESSING.

Internal controls should achieve the four broad

objectives regardless of the data processing method used. The control techniques used

to achieve these objectives will, however, vary with different types of technology.

LIMITATIONS. Every system of internal control has limitations on its effectiveness.

 Collusion. Two or more people who are intended by a system of control to keep

watch over each other could instead collude to circumvent the system.

 Human error. A person involved in a control system could simply make a

mistake, perhaps forgetting to use a control step. Or, the person does not

understand how a control system is to be used, or does not understand the

instructions associated with the system. This may be caused by the assignment

of the wrong person to a task.

 Management override. Someone on the management team who has the

authority to do so could override any aspect of a control system for his personal

advantage.

 Missing segregation of duties. A control system might have been designed with

an insufficient segregation of duties, so that one person can interfere with its

proper operation.

Consequently, it must be accepted that no system of internal controls is perfect.

There is always a way in which it can fail or be circumvented.

 The possibility that procedures may become inadequate

 Most internal controls tend to be directed at routine of anticipated types of

transactions

5.7 The Preventive–Detective–Corrective Internal Control Model

PREVENTIVE CONTROLS. Prevention is the first line of defense in the control structure.

Preventive controls are passive techniques designed to reduce the frequency of occurrence of

undesirable events. Preventive controls force compliance with prescribed or desired actions

and thus screen out aberrant events. These controls prevent losses from occurring.

DETECTIVE CONTROLS. Detective controls form the second line of defense. These are

devices, techniques, and procedures designed to identify and expose undesirable events that
elude preventive controls. Detective controls reveal specific types of errors by comparing

actual occurrences to pre-established standards. These controls monitor activity to identify

instances where practices or procedures were not followed

CORRECTIVE CONTROLS. Corrective controls are actions taken to reverse the effects of

errors detected in the previous step. There is an important distinction between detective

controls and corrective controls. Detective controls identify anomalies and draw attention to

them; corrective controls actually fix the problem. For any detected error, however, there

may be more than one feasible corrective action, but the best course of action may not

always be obvious. restore the system or process back to the state prior to a harmful

event.