Types of Internal Controls
There are two basic categories of internal controls – preventive and detective. An effective internal control system will have both types, as each serves a different purpose.
Preventive controls aim to decrease the chance of errors and fraud before they occur, and often revolve around the concept of separation of duties. From a quality standpoint, preventive controls are essential because they are proactive and focused on quality.
Examples of preventive controls include:
- Separation of duties
- Pre-approval of actions and transactions (such as a Travel Authorization)
- Access controls (such as passwords and Gatorlink authentication)
- Physical control over assets (i.e. locks on doors or a safe for cash/checks)
- Employee screening and training (such as the PRO3 Series to increase employee knowledge)
Detective controls are designed to find errors or problems after the transaction has occurred. Detective controls are essential because they provide evidence that preventive controls are operating as intended, as well as offer an after-the-fact chance to detect irregularities.
Examples of detective controls include:
- Monthly reconciliations of departmental transactions
- Review organizational performance (such as a budget-to-actual comparison to look for any unexpected differences)
- Physical inventories (such as a cash or inventory count)
01/31/2020: reviewed content
PRO303: Internal Controls at UF
University Controller’s Office: (352) 392-1321