Study: How do the three types of internal control activities safeguard assets?

Step1.png

Read the Topic Learning Resources beneath the black bar below (approximately 10m).  Note:  I did not create my own custom videos for this topic, I wrote the text and hyperlinked to other useful Internet resources on the topic.

Step2.png
Take the topic quiz, by clicking here or clicking the "Next" button at the bottom right of this page.

Step3.png
Score at least 4 out of 5 on the quiz before moving on. If you do not score at least 4 out of 5 on the quiz, restudy the material and try again.  I will keep your highest score.

Title_Topic_Learning_Resources.png

Company management has the responsibility to shareholders to help the company achieve its organizational objectives.  In order to achieve its objectives, it is essential that company management design, implement, and operate a reliable system of internal control.  Per Internal Control - Integrated Framework Links to an external site., internal control should "provide reasonable assurance regarding the achievement of objectives related to operations, reporting and compliance."

 

1.Effectiveness and efficiency of operations.

 

  • Effectiveness means to achieve the entity's objectives
  • Eficiency means to do so using the least amount of resources.
2.Reliability of internal and external financial and non-financial reporting

 

  • Reliable financial and non-financial reporting ensures that financial statements as well as management reports are prepared and presented in accordance with applicable guidelines, be those internal or external
3.Compliance with applicable laws and regulations to which the entity is subject.

 

  • Compliance ensures that applicable local, state and federal laws and regulations are followed

See:  Internal Control - Integrated Framework Executive Summary page 3 Links to an external site.

Internal control activities, particularly those implemented to ensure the effectiveness and efficiency of operations play a major role in safeguarding the company's assets.
 
Internal control activities are usually classified into the following three types:
 
  • preventive controls
  • detective controls
  • corrective controls
Each type of internal control activity plays a significant role in ensuring the company's assets Links to an external site.are properly safeguarded and accounted for.
 
Preventive controls
In general, preventive control activities are the most cost effective of the three types of internal control activities, because they help prevent the loss of assets in the first place and are often not very expensive to implement.  Here are some examples of preventive control activities to safeguard assets:
 
  • bonded Links to an external site. (i.e. insured) cash-handling employees
  • dual-signature requirements on all checks over a pre-defined amount such as $1,000
  • employee background checks
  • employee training and required certifications
  • password protected access to asset storage areas
  • physical locks on inventory warehouses
  • security camera systems
  • segregation of duties Links to an external site. (i.e. recording, authorization, and custody all handled by separate individuals)
Detective controls
Detective controls seek to identify when preventive controls were not effective in preventing errors and irregularities, particularly in relation to the safeguarding of assets.  Some examples of detective control activities are:
 
  • bank reconciliations (i.e. cash per the bank is reconciled to the cash per the company's books)
  • control totals (i.e. cash per cash register tape is reconciled to cash received in the cash register bag)
  • physical inventory counts (i.e. inventory is physically counted and then compared to the inventory ledger)
  • reconciliation of the general ledgers to the detailed subsidiary ledgers Links to an external site.
  • surprise counts of cash on hand (i.e. petty cash is counted on a random and surprise basis)

Corrective control activities
When detective control activities identify an error or irregularity, corrective control activities should then kick in to see what could or should be done to fix it, and hopefully put a new system in place to prevent it the next time around.  For example:

  • data backups can be used to restore lost data in case of a fire or other disaster
  • data validity tests can require users to confirm data inputs if amounts are outside a reasonable range
  • insurance can be utilized to help replace damaged or stolen assets
  • management variance reports can highlight variances from budget to actual for management corrective action
  • training and operations manuals can be revised to prevent future errors and irregularities
For a more complete discussion of, and examples of, preventive, detective and corrective control activities, feel free to click on either of the following websites:
 
 
Internal auditors can play a key role in preventive, detective, and corrective control activities.  Although they do have additional consulting-related responsibilities as described by the Institute of Internal Auditors Links to an external site., many companies use internal auditors as an internal policeman of internal controls. Through the diligent efforts of internal auditors, as well as the conscientious effort of all employees, the company's assets can be appropriately safeguarded for use in achieving the company's organizational objectives.