  • CCS

Internal Control Components: Control Activities

Updated: Dec 31, 2022


Control activities are the policies and procedures that help ensure management’s directives are carried out.


Examples include controls to ensure that goods are not shipped to a bad credit risk or that only authorised purchases are made.




These controls address risks that, if not mitigated, would threaten the achievement of the entity’s objectives.


Control activities (whether within or outside the general and subsidiary ledgers) are designed to mitigate the risks involved in everyday activities such as transaction processing (business processes such as sales, purchases, and payroll) and safeguarding assets.

Control activities relevant to the audit may also include controls established by management that address disclosures being prepared in accordance with the applicable financial reporting framework — this would be in addition to controls that address risks related to account balances and transactions.




Business processes are structured sets of activities designed to produce a specified output. Business process controls can generally be classified as preventive, detective and corrective, or compensating or steering, as outlined below.




The nature of business process controls will vary based on the risks involved and the specific application.


Typical controls at the business process level would include the matters set out below:




Controls: Segregation of Duties

Description: These controls can reduce the opportunities for a person to be in a position to both perpetrate and conceal errors or fraud.


Examples: The employee responsible for the accounts receivable processing cannot access cash receipts.



Controls: Authorisation Controls

Description: These controls define who has the authority to approve various routine and non-routine transactions and events.


Examples: Assigning responsibility to authorise:

  • Hiring of new employees;

  • Making investments;

  • Ordering goods and services; and

  • Extending credit to a customer.



Controls: Account Reconciliations

Description: This includes preparing and reviewing account reconciliations on a timely basis and taking any necessary corrective actions.


Examples: Reconciliations of bank accounts, sales transactions, intercompany balances, suspense accounts, etc.



Controls: IT Application Controls

Description: These controls are programmed into IT applications such as sales or purchases. They include fully automated and partially automated controls.


Examples: Checking the arithmetical accuracy of records, pricing of invoices, editing checks of input data, numerical sequence checks, and production of exception reports for manager review.



Controls: Actual Results Reviews

Description: These controls involve the regular review and analysis of actual results versus budgets, forecasts, and prior-period performance.


It also involves relating different sets of data (operating or financial) to one another and comparing internal data with external sources of information. Unexpected variations would be investigated, and corrective actions would be taken.


Examples: Analysis of operating results, comparing actual results to budget, and investigating variances.



Controls: Physical Controls

Description: These controls relate to the physical security of assets and permitted access to entity premises, accounting records, computer programs, and data files.


Examples: Such controls consist of asset security (door locks and restricted access to inventory/records) and comparing the results of periodic cash, security, and inventory counts with accounting records.




Smaller Entities

Control activities are designed to prevent a material misstatement or detect and correct a misstatement after it has occurred. In smaller entities, the concepts underlying control activities are likely similar to larger entities, but their relevance to the auditor may vary considerably.


Consider the following: