What are control activities?
A control activity is an action designed to manage risks within an organization and reduce them to an acceptable minimum. These activities are an integral part of an organization's risk management and are essential for an effective system of internal control. They help achieve business objectives, ensure the accuracy and reliability of financial reporting, and ensure compliance with laws and regulations.
In practice, a control activity is a specific description of how, when, in what manner, and by whom the control (the measure to mitigate the risk to an acceptable level) is actually performed.
Control activities can range from very simple to very complex, depending on the size and nature of the organization. Here are some examples of control activities within a trading company:
- Goods receipt procedures
When products arrive at the warehouse, the person responsible for the warehouse checks if the received goods match the ordered items according to the purchase order and packing slip. They sign off on the receipt or report discrepancies if any. This helps identify and prevent errors or fraud in the receipt of goods. Additionally, it provides a basis to verify the accuracy and completeness of incoming purchase invoices, ensuring legitimate payments.
- Authorization of price changes
Strict procedures are in place for authorizing price changes. Only certain employees have the authority to change product prices in the automated system, which helps prevent unauthorized price adjustments.
- Segregation of duties
The duties of personnel authorizing payments, processing payments, and maintaining the accounting records are separated. This reduces the chance of fraud and ensures better control over cash flows.
- Access controls to information systems
Using passwords and user rights ensures that only authorized personnel have access to financial and operational systems. This prevents unauthorized access to sensitive business information.
Internal control
For each risk identified in your organization's risk-control matrix (especially those marked as key risks), the controls designed to substantially mitigate these risks within the current process environment are described. Control activities are an integral part of an organization's broader internal control framework. They are designed to manage risks and ensure that the organization's objectives are achieved.
The risk-control matrix is a tool used to map the relationship between risks and control measures. It identifies the key risks facing an organization and links them to the specific control measures implemented to manage those risks. This helps prioritize and ensure that the appropriate actions are taken to address the most significant risks.
This increases the effectiveness of the internal control system and strengthens the organization's ability to achieve its objectives in line with its mission, vision, and core values. Moreover, it provides a mechanism for continuous monitoring and evaluation, allowing the organization to adapt flexibly to changing conditions and new risks.
Description of control activities
The descriptions of the controls will eventually be specified for your organization in Control Activities (CAs). These descriptions should be concise and free of unnecessary text. An outsider should easily see that the CA contributes to mitigating the risk or completely covering the risk. Additionally, you should clearly indicate whether it is a user-based control or an application-based control.
Be aware that a described CA must be testable, meaning it can be tested for its effective operation. To keep the description concise, apply the '5Ws' when describing the CA. This also helps to include the most relevant aspects in the description:
- Who performs?
- What info/input is needed to carry out the activity?
- How often is it performed?
- How is the control evidenced?
- How are exceptions reviewed and approved?