What are Control Activities?

Control activities are those policies and procedures used to ensure that an organization carries out the directives of the management team. There are many control activities, including the segregation of duties to require the involvement of multiple personnel in transactions, and the physical safeguarding of assets to reduce their risk of loss.

A risk audit may uncover instances in which more controls are needed, in which case management may elect to install additional control activities. The volume of control activities installed is limited by their cost-effectiveness. Typically, only highly cost-effective control activities will be installed.

Types of Control Activities

There are many types of control activities, of which the following are commonly used:

Authorization controls. Ensure that transactions are approved by individuals with the proper authority before execution.
Segregation of duties. Divide responsibilities among different individuals to reduce the risk of error or fraud (e.g., separating custody, authorization, and recordkeeping).
Reconciliations. Regularly compare records from different sources (such as bank statements and accounting records) to identify and resolve discrepancies.
Physical controls. Safeguard assets through measures like locked storage, restricted access, and inventory counts.
Supervisory controls. Involve ongoing oversight by management to ensure tasks are being performed as intended and policies are being followed.
Information processing controls. Include checks on data accuracy, completeness, and authorization during input, processing, and output stages of information systems.
Review and monitoring controls. Entail periodic reviews of operations, performance metrics, and exception reports to detect and correct problems proactively.