Types of Internal Audit Controls
Internal audit controls are also known as internal controls. Companies rely on these policies to safeguard operating assets against the risks of theft and obsolescence. They also chart these norms to run efficient businesses, improve client service and grow sales. There are three types of internal controls: preventive, detective and corrective.
Internal auditing helps a company weed inadequate or inefficient processes out of its operations. This practice allows the business to cut costs where needed, remove complexities in the way it operates, and hand-segment personnel the tools to increase productivity and sales. Most importantly, the internal audit function enables companies to continually review and update operating policies -- so that personnel can effectively perform tasks without the outdated restrictions that may come from erstwhile procedures. The internal audit occupation encourages professional certification and lifelong learning, and most experienced auditors hold such designations as certified public accountant and certified internal auditor.
Preventive controls represent the first barrier that shields a company from significant operating losses resulting from specific incidents. These include technological malfunctions, operating errors, fraud and negative regulatory pronouncements -- such as debarments, fines, penalties and temporary suspensions. Preventive policies keep errors from occurring in the first place. Examples include having two or more employees sign all checks with amounts exceeding $10,000; requiring accountants to review all journal entries, memoranda and financial notes that bookkeepers post in general ledgers; and directing quality-assurance managers to inspect a sample of products to prevent bad items from slipping through the manufacturing process.
Detective controls help business managers uncover errors or irregularities that have already happened. Here the goal is to put into place appropriate tools and methodologies to run random sting operations in specific locations or work streams. Internal auditors can be useful in the process, as they usually test risky processes when performing corporate reviews. For example, internal reviewers may screen a statistically significant sample of journal entries and determine whether bookkeepers posted debits and credits to proper accounts. Examples of detective controls include randomly selecting products to gauge quality, comparing monthly bank balances and cash amounts reported in corporate books, and sending periodic surveys to personnel asking for such sensitive issues as sexual harassment incidents and discriminatory practices in the workplace.
Corrective controls give corporate personnel the "firefighter tools" necessary to stop operational fires and the metaphoric smoke coming out of bad processes, lower employee morale and inefficient production mechanisms. Simply put, these policies help the business remedy operating damages that result from inadequate mechanisms or weak controls. For example, the U.S. Occupational Safety and Health Administration levies a hefty fine on a company for lack of security policies in its manufacturing sections. To correct the deficiency, corporate management may direct department heads to create a clear policy book and provide safety training for personnel on a periodic basis.