Types of Controls
Internal controls are processes designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations. Internal controls are carried out by employees at all levels of the organization.
There are two main types of controls.
Preventative Controls
These controls safeguard against errors or irregularities. They protect the University by eliminating problems before they happen. Examples include:
- Hiring trustworthy, competent staff
- Segregation of duties to prevent intentional wrongdoing
- Proper authorization to prevent improper use of University resources
- Creating strong expectations backed by clear accountability
- Enforcing clear recordkeeping and documentation procedures
Detective Controls
When preventative controls fail, detective controls can be used to identify potential errors and problems. Use these controls to gauge how effective your preventative controls are and strengthen them, if possible. Examples include:
- Reviewing financial statements for irregularities
- Reviewing procurement card statements or direct payment reimbursements for appropriateness, allowability and/or proper allocation
- Employing monitoring procedures, such as exception reports, analytical reviews and metrics monitoring