TYPES OF

INTERNAL
CONTROL
QUESTIONS TO DETERMINE
APPROPRIATE CONTROL:
What could go wrong?

What steps have been taken to ensure that something

does not go wrong?

How can you verify that nothing went wrong?

PREVENTIVE CONTROLS
Preventive controls aim to decrease the chance of errors and fraud before they
occur, and often revolve around the concept of separation of duties. From a
quality standpoint, preventive controls are essential because they are proactive
and focused on quality.
Examples of preventive controls include:
 Separation of duties
 Pre-approval of actions and transactions (such as a Travel Authorization)
 Access controls (such as passwords and Gatorlink authentication)
 Physical control over assets (i.e. locks on doors or a safe for cash/checks)
 Employee screening and training (such as the PRO3 Series to increase
employee knowledge)
DETECTIVE CONTROLS
Detective controls are designed to find errors or problems after the
transaction has occurred. Detective controls are essential because they
provide evidence that preventive controls are operating as intended, as well
as offer an after-the-fact chance to detect irregularities.
Examples of detective controls include:
 Monthly reconciliations of departmental transactions
 Review organizational performance (such as a budget-to-actual
comparison to look for any unexpected differences)
 Physical inventories (such as a cash or inventory count)
DETECTIVE CONTROLS
Questions usually asked;
 What caused the event to occur?
 What process failed that allowed the event to occur?
 Is there a policy that can be implemented to keep the event from happening
again in the future?
Some examples of detective controls are internal audits, reviews,
reconciliations, financial reporting, financial statements, and physical
inventories.
CORRECTIVE INTERNAL
CONTROLS
 Corrective internal controls are typically those controls put in place after the detective
internal controls discover a problem. These controls could include disciplinary action,
reports filed, software patches or modifications, and new policies prohibiting practices
such as employee tailgating. They are usually put into place after discovering the
reasons why they occurred in the first place.
Examples:
Penalty system
Contingency planning
Disciplinary action
New policies
INTERNAL CONTROL
EXAMPLES IN AUDITING AND
ACCOUNTANCY
 SEPARATION OF DUTIES
 ACCOUNTING SYSTEM ACCESS CONTROL
 PHYSICAL AUDITS OF ASSETS
 STANDARDISED FINANCIAL DUCUMENTATION
 DAILY OR WEEKLY TRIAL BALANCES
 PERIODIC RECONCILIATIONS IN ACCOUNTING SYSTEMS
 APPROVAL AUTHORITY REQUIREMENTS
BASIC INTERNAL CONTROL:
 Asset security
 Authorizations and Approvals
 Cash and Check Collections
 Documentation
 Monthly Reconciliation
 Payroll
 Separation of Duties
 Telecommunications
BENEFITS OF
INTERNAL
CONTROL
 Prevents Fraud
-One benefit of internal controls is a reduction in fraud opportunities.
 Error Prevention
-Some internal controls are intended to spot potential errors before they happen.
 Error Spotting
-No matter how hard you try, you won’t spot every potential error at your company, and
mistakes will happen. Internal controls can help you detect errors early and address them before
they get out of hand.
 Reduced Lawsuits and Insurance Claims
-Having a company policies and procedures manual that lays out staff behavior restrictions can
help you reduce the risk of lawsuits or costly insurance claims.
RISKS OF WEAK
INTERNAL
CONTROL
 Erroneous Management Decisions - based on erroneous, inadequate or
misleading information
 Fraud, Embezzlement and Theft - by management, employees, customers,
vendors or the public-at-large
 Sanctions - penalties arising from failure to comply with regulatory
requirements, as well as overt violations of the law
 Excessive Costs/Deficient Revenues - expenses which could have been
avoided, as well as loss of revenues to which the organization is entitled
 Loss, Misuse or Destruction of Assets - unintentional loss of physical assets
such as cash, inventory and equipment
WHO DOES
INTERNAL
CONTROL?
Internal control is the general responsibility of all members in an organization. However, the
following three groups have specific responsibilities regarding the internal control structure.

 Management holds ultimate responsibility for establishing and maintaining an effective

internal control structure. Through leadership and example, management demonstrates ethical
behavior and integrity within the company.
 The board of directors provides guidance to management. Because board members have a
working knowledge of the functions of the company, they help shield the company from
managers who try to override some control procedures for dishonest purposes. Often, an
efficient board that has access to the company’s internal auditors can discover such fraud.
 Auditors within the organization evaluate the effectiveness of the internal control structure
and determine whether company policies and procedures are being followed. All employees
are part of a communications network that enables an internal control structure to work
effectively.