ABSTRACT
Controls are actions taken by the board, management, employees, and other personnel to mitigate the likelihood and/or impact of risks. Controls are dynamic and often require a review, a decision, and an action. An emphasis on internal controls in the absence of the other components is likely futile because weaknesses in other components can undermine the quality and performance of internal controls. There are several ways of categorizing internal controls. The most common one is Preventive vs. Detective. Another category is compensating controls, which are put in place when requirements cannot be met explicitly as stated or expected. Internal controls play a key role in helping organizations achieve their objectives by mitigating the risks that threaten the achievement of objectives. In addition to controls, internal auditors should examine the need for contingency plans to protect company assets in the event that unexpected events occur.
