Control Characteristics

There are many different types of controls that organisations use. Examples are: policies and procedures; authorisation levels; segregation of duties; reconciliations; key performance indicators; physical security and systems access; recruitment and exit processes; internal audit; management review; training and development; ethics charters and codes of conduct; and many others. Some of them serve different purposes and many operate in different ways, so it is helpful to look at a number of key control characteristics.

Preventative and Detective Controls

Internal controls can be categorised into two broad types: preventative controls and detective controls. Each has different characteristics and each has a key role to play in the fight against fraud. The major features of each are as follows:

• Preventative controls. The aim of a preventative control is to stop an event from occurring or a risk from materialising in the first place. Robust staff recruitment procedures used by an organisation when hiring new employees are a good example of this. Their overall aim is to ensure that the organisation hires the best available people but an important by-product of the vetting process is that any undesirable or unsuitable applicants should be prevented from working in the business from the outset.
• Detective controls. Here the objective is different, it is to highlight or flag up or otherwise indicate to management that something has gone wrong – that is to say, ...