An effective internal control system is essential for an organization
to achieve its strategic, operational, compliance, and reporting
goals. Most important, an effective internal control system is necessary to
mitigate the risk of fraud. Evaluating your current internal control structure
and considering the effectiveness of its preventive and detective controls on
an ongoing basis can help to ensure that your organization’s processes are
functioning properly, thus saving costs in the long term.
There are several components to establishing an effective internal control
environment, one of the most significant being the control activities
component. Control activities are actions
established through policies and procedures to help ensure that management
directives to mitigate risks and achieve organizational objectives are carried
out. Implementing two types of control activities, preventive and detective
controls, can assist with avoiding and detecting errors and fraud in
transactions, resulting in more accurate financial reports and the achievement
of management’s objectives.
Preventive controls are designed to avoid errors or fraud in transactions
before they occur. In other words, preventive controls attempt to prevent invalid
transactions from being processed and assets from being misappropriated. Although
controls should be tailored to an organization’s specific environment, a common
example of an effective preventive control is the segregation of duties. The
responsibilities of authorizing transactions, recording transactions, reviewing
transactions, and maintaining custody of the asset should all be performed by
different individuals. Below are examples of preventive controls:
- Segregation of duties.
- Pre-approval of actions and transactions.
- Physical control over assets (e.g., locks).
- Computer passwords and access controls.
- Employee screening and training.
Detective controls are designed to find errors or fraud in
transactions after they have occurred (already been processed) and identify
missing assets or invalid transactions. Although at first glance preventive
controls appear more beneficial, it is necessary to install both types of
control activities. Detective controls have the objective of detecting errors
or fraud that could result in a misstatement of the financial statements.
Detective controls are vital in determining if
the preventive controls in place are functioning properly. Below are examples
of detective controls:
- Surprise cash counts.
- Physical inventory counts.
- Reconciliations.
- Review of organizational performance (e.g., budget to actual and current year to prior year).
- Internal audit.
Designing appropriate and effective preventive and detective controls
to confront your organization’s
risks is crucial to a strong internal control system. If you’d like assistance
in identifying your organization’s risks, evaluating your current internal
control system, or implementing new control activities, please feel free to
contact Kristi Yanover, Audit Partner, at (858) 558-9200.