29.Control Procedures
Control procedures are those policies and procedures in addition to the control environment, that management has established to ensure as far as possible, that specific entity objectives will be achieved.
(a) Information Processing Controls
Proper authorization procedures to ensure that transactions are authorized by personnel acting within the scope of their authority.
Authorizations may be general or specific.
General control relate to general transactions and specific authorization apply to non-routine transactions or routine transactions that exceed a certain limit.
Authorization controls are also important in limiting access to assets, documents and records.
(b) Segregation of Duties
Segregation of duties ensures that individuals do not perform incompatible duties.
Duties are considered incompatible from a control stand point when it is possible for an individual to commit an error or irregularity and then be in a position to conceal it in the normal course of his or her duties.
Responsibility for executing a transaction, recording the transaction and maintaining custody of the assets resulting from the transaction should be assigned to different individuals or departments.
(c ) Physical Controls
Physical controls limit access to assets and important records.
Direct controls include initiating measures for the safe keeping of assets, documents and records.
Indirect controls apply to the preparation or processing of documents such as sales orders.
When computers are used, passwords can be used to control access.