Internal Control and Risk (25–35%)
2.1 Types of Controls
Topics covered in this section include: control characteristics; control requirements; combination, complementary, compensating, and contradictory controls; control assessment; cost/benefit analysis; cost versus controls versus convenience; controls by dimension; specific types of controls by function and by objectives; controls in business application systems; inventory of controls in business application systems; and summary of controls.
(a) Control Characteristics
Control is any positive and negative action taken by management that would result in the accomplishment of the organization’s goals, objectives, and mission. Controls should not lead to compulsion or become a constraint on employees. Controls should be natural and should be embedded in organizational functions and operations. In addition, controls should be accepted by employees using or affected by them. Use and implementation of controls should be inviting, not inhibiting. Controls should be seen as beneficial from the employee’s personal and professional viewpoints. Ideally, controls should facilitate the achievement of employees’ and organizational goals and objectives. In other words, any control that does not help to achieve or promote the achievement ...