CHAPTER 6 Control Activities The Absolutes

YOU HAVE COMPLETED a thorough risk assessment. What now? It does no good if you simply know the risks. You have to do something about them. You have to respond to them. Developing specific control activities is the response to the identified fraud risks.

Similar to the fraud risk assessment, this process can seem somewhat overwhelming. However, common sense should prevail, and common sense should keep it simple.

These absolute strategies discuss an approach to developing and documenting the control activities that make up the core of the anti-fraud program. To begin the process of control activities design, several critical principles must be understood.


Principle 1. Design the Internal Control around the Position, Never around the Person in That Position

This is the critical principle of internal control design. People always change, but the position most likely does not. Take an accountant position as an example. Natalie has been the company accountant for the past 20 years. The company is expecting her retirement soon; unfortunately, she will be gone sooner than we think. You see, today just isn’t her day. She just stepped in front of the proverbial bus while leaving the office. So now you have the same accounting position but a different person serving in that position. Natalie ...

Get Internal Control/Anti-Fraud Program Design for the Small Business: A Guide for Companies NOT Subject to the Sarbanes-Oxley Act now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.