YOU HAVE COMPLETED a thorough risk assessment. What now? It does no good if you simply know the risks. You have to do something about them. You have to respond to them. Developing specific control activities is the response to the identified fraud risks.
Similar to the fraud risk assessment, this process can seem somewhat overwhelming. However, common sense should prevail, and common sense should keep it simple.
These absolute strategies discuss an approach to developing and documenting the control activities that make up the core of the anti-fraud program. To begin the process of control activities design, several critical principles must be understood.
CRITICAL PRINCIPLES OF CONTROL ACTIVITY DESIGN
Principle 1. Design the Internal Control around the Position, Never around the Person in That Position
This is the critical principle of internal control design. People always change, but the position most likely does not. Take an accountant position as an example. Natalie has been the company accountant for the past 20 years. The company is expecting her retirement soon; unfortunately, she will be gone sooner than we think. You see, today just isn’t her day. She just stepped in front of the proverbial bus while leaving the office. So now you have the same accounting position but a different person serving in that position. Natalie ...