COSO defines control activities as “the
actions established through policies and procedures
that help ensure that management’s
directives to mitigate risks to the achievement
of objectives are carried out.” Examples
include authorizations, security of assets, reconciliations,
verifications, separation of
duties, and information technology controls.

Authorizations include such measures
as credit approvals for new customers,
approvals for purchases, and approvals for
additions to approved vendors. Asset security
includes passwords to protect computer
technology, appropriate procedures for
sales demonstration equipment, and limited
access to inventory.

Reconciliations involve reconciling subsidiary
ledgers, such as accounts receivable,
accounts payable, work-in-progress,
and inventory, to the general ledger, as well
as bank and petty cash reconciliations. An
important reconciliation is a report of
unclosed purchase orders and sales
orders. For example, prenumbering sales
and purchase orders is not an effective
control without proper follow-up on missing
numbers, yet this control is often dismissed
as too time-consuming or even low
priority; several of these unbilled orders
can have a substantial negative effect on
an entity’s cash flow and performance.

Verifications include conducting background
and reference checks for new
employees, requiring purchase orders, and
receiving reports and invoices prior to payments
for inventory and other expenses.
Even though most small businesses are
aware of the importance of reference
checks, some continue to rely on their
instinct and dismiss reference checks as
unnecessary, often by suggesting that
potential employees would never list a reference
likely to give a poor report; however,
employers contacting potential references
continue to find that some have
been terminated for cause, many times