top of page

Controls and policies

Controls are there to prevent or catch something. There are two types of controls, preventive and detective. A preventive control prevent someone from doing something. Just like a password to get into your bank account. Nobody can access your bank account unless they know the password, so therefore it prevents someone from accessing something. A detective control is after the fact. It detects an activity after it's done. Just like reconciling each transaction from your bank account to your accounting software to find if all transactions have been entered and recorded. If you are missing a transaction in your accounting software, you will detect it as it doesn't match your bank account. Without controls in place, misstatement due to mistakes and fraud can slip it's way into your financial statements.

​

Policies are rule and regulations to prevent nuances. If you want someone to do something in a specific way you will put a policy in place to maintain control over the desired effect. As an example, let's say you want your clients to pay no longer than 30 days after the invoice is issued. To do so, you will put in place a policy to have your systems automatically put the terms net 30 days on every invoice. If a customer complains of the 30 day terms and would like 45 days, a process is put in place to have the approval of a manager or director, after careful review of the clients paying habits and history with the company. If approved, then the terms can be changed, if not, the terms stays the same. As you can see, if a customer proposes 45 days, a chain of event is put in place to make it run through the right process. Let's say there wouldn't be a policy in place when the customer proposes 45 days. The employee receiving the request, will not know what to do and will probably do two things, one, he will tell the customer he can't do it or, two, will give the 45 days without asking if it's correct as there is no rules or regulation preventing him from giving the net 45 days term. Unfortunately, not all rules and regulations are followed, therefore, having a policy in place make it easier to discipline a subordinate if he/she  doesn't follow the policy because it is clearly indicated what to do and not do. Without the policy in place a subordinate can just say, "I didn't know" and would be cleared of misconduct as there is no clear rules on the matter.

bottom of page