SO FAR, WE HAVE EXAMINED (1) the guiding principles of control activities design, (2) the foundational control activities that every organization should have, and (3) the necessary detection control activities for the smallest of organizations that cannot have adequate segregation of duties.

This chapter is devoted to various control activities that address a wide range of issues that can exist within transaction processes. Chapter 9 addresses control activities specific to financial statement line items.

How to document the anti-fraud program is covered in Chapter 10. The presentation in this chapter is documentation based, meaning that the information is presented as it would look in the final documented anti-fraud program.

Based on the risks identified in the fraud risk assessment, you must develop specific control activities in response.

TWO OPERATIONAL QUESTIONS

As you address these risks, two all-encompassing operational questions will serve as your guide:

1. How does money go out of our organization?
2. How does money come in to our organization?

If you can answer these two questions, you have the groundwork necessary to construct specific control activities for your organization. Let’s look at an example of the possible answers to the first question.