Control Activities

Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel. This is not an all-inclusive list, but here are some examples of common control activities:

Segregation of Duties

Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For instance, responsibilities for authorizing transactions, recording them, and handling the related asset are divided.

Physical Controls

Equipment, inventories, securities, cash, and other assets are secured physically, periodically counted, and compared with amounts shown on control records. Access is restricted to those with authority to handle them.


Comparisons are made between similar records maintained by different persons to verify transaction details.

Policies and Procedures

Established policies, procedures, and even job descriptions provide guidance and training to ensure consistent performance at a required level of quality.

Transaction and Activity Reviews

Managers running functions or activities review performance reports. They may relate different sets of data - operating or financial - to one another, together with analyses of the relationships.

Information Processing Controls

A variety of controls are performed to check accuracy, completeness, and authorization of transactions. Data entered are subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, file totals are controlled, and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.

Go to the Internal Audit home page