Skip to Content Skip to Navigation

Preventive controls

Control activities are actions, supported by policies and procedures that, when carried out properly and in a timely manner, manage or reduce risks. Control activities can be either preventive or detective.

Preventive Controls

Preventive controls attempt to prevent or deter undesirable acts from occurring. They are proactive controls, designed to prevent a loss, error, or omission. Examples of preventive controls are:

Preventive control Control description Examples
Segregation of duties In an ideal environment, major functions such as authorization, recording, verification, and custody of assets, should be performed by a different employee. If a person performs more than one of these major functions, without additional mitigating controls in place, there is the potential to carry out and conceal errors and/or irregularities in the course of performing day-to-day activities. Incompatible duties may include:

  • Authorizing a transaction to purchase an asset, receiving and maintaining custody of the asset
  • Depositing cash and reconciling bank accounts
  • Receiving checks and approving write-offs on accounts receivables
Adequate documentation Each transaction must stand on its own and an independent reviewer should be able to easily interpret and understand the purpose of the transaction. This can be achieved by maintaining adequate supporting documentation. Answering the following questions somewhere on the transaction:

  • Who
  • What
  • When
  • Where
  • Why – Business Purpose
  • Evidence of additional approvals required
Proper authorizations All transactions must be authorized by an individual with the authority to do so. Employees cannot authorize transactions for their own business reimbursement.  Verbal authorization is acceptable, but not recommended.  Physical signature stamps are not acceptable.
  • Dean budgeting for a program to occur
  • Division of Finance-Contracts signing a contract
  • HR Supervisor verbally approving travel to a training for an employee
  • Electronic approval by Fiscal Reviewer on voucher
Physical security over cash and other assets Access to equipment, inventories, securities, cash and other assets should be restricted based on need; and assets are periodically counted.
  • Limit access to safe to change fund custodian and manager
  • Registers locked when not in use
  • Lab equipment in secure rooms only accessible by researchers