Preventive Controls
Many preventive controls are based on the concept of separating duties. Examples include prohibiting the same person from conducting related transactions such as initiating and recording transactions; making purchases and approving payments; ordering and accepting inventory; approving vendors and making payments; receiving bills and approving payments; and authorizing returns and issuing refunds. Payroll preparation and distribution duties and approving, writing and signing checks should also be done by different people.
Examples of internal controls built around the concept of authorization, approval and verification include requiring supervisory review and approval of payroll information before disbursement, requiring interdepartmental dual authorization of payroll data by accounting and human resources departments and requiring prior approval of credit customers, vendors and purchases.
Examples of internal controls built around the concept of authorization, approval and verification include requiring supervisory review and approval of payroll information before disbursement, requiring interdepartmental dual authorization of payroll data by accounting and human resources departments and requiring prior approval of credit customers, vendors and purchases.
Detective Controls
Detective controls are internal controls designed to identify problems that already exist. Audits are an example of a detective control. Monthly reconciliation of bank accounts, review and verification of refunds, reconciliation of petty cash accounts, audits of payroll disbursements or conducting physical inventory are all examples of detective controls. Preventive and detective controls are often required in combination to provide sufficient protection. Computer systems require preventive controls through acceptable use and access control. Computer usage logs must be kept. Logs are a form of detective control to be reviewed and audited at regular intervals.
No comments:
Post a Comment