Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Audit Chapter 3
Microlesson · 5-min read

Control Activities — Types and Purpose

## Control Activities

Control Activities are the policies and procedures that help ensure management directives are carried out. They represent one of the five components of Internal Control.

### Five Types of Control Activities

#TypeWhat It Means
iPerformance ReviewReview of actual performance against budgeted performance. Variance analysis and comparison.
iiPhysical ControlsControls over the physical security of assets (locks, safes, access restrictions).
iiiSegregation of DutiesDifferent persons are assigned different authority and responsibility so that no single person controls an entire transaction cycle.
ivInformation Processing ControlsControls over accuracy of data processing. Includes: automatic controls (system-generated), program change controls, etc.
vAuthorisation ControlsEnsures only approved transactions are processed; transactions require proper approval before execution.

### Why Segregation of Duties Matters

The core principle: a person who initiates a transaction should not also record it or have custody of the related asset. This reduces the risk that errors or fraud go undetected.

Example: The person who writes cheques should not also reconcile the bank statement.

### Information Processing Controls — Two Sub-types

  • Application Controls: Automated checks within a specific application (input validation, sequence checks, range checks).
  • General (IT) Controls: Broader controls over the IT environment (access controls, program change management, backup procedures).

Worked example

### Example 1

Example 1 — Segregation of Duties in a Purchase Cycle:

The purchase department raises a purchase order. The stores department receives goods and records receipt. The accounts department verifies the invoice against the PO and receipt note. Finally, a senior manager approves the payment. Each function is handled by a different person — this is effective segregation of duties.

### Example 2

Example 2 — Performance Review Control:

A factory's monthly budget for raw material consumption is ₹10 lakhs. At month-end, the controller compares actual consumption of ₹13 lakhs and investigates the ₹3 lakh variance. This review control detects potential wastage, theft, or errors early.

### Example 3

Exam MCQ Pattern:

Which of the following is an example of an Information Processing Control?

(a) Monthly budget vs actual review

(b) Password protection on accounting software

(c) Storing blank cheques in a safe

(d) Separate persons for authorisation and payment

Answer: (b) — Password protection is an IT/information processing control. (a) is a performance review; (c) is a physical control; (d) is segregation of duties.

⚠️ Common exam mistakes

  • Confusing Physical Controls with Segregation of Duties — physical controls relate to assets (safes, locks), while segregation is about people and authority.
  • Treating Authorisation and Information Processing as the same — authorisation is about approval of transactions; information processing is about accuracy of data within systems.
  • Forgetting that Information Processing Controls include both manual and automated (program-based) controls — students often list only IT controls here.
  • Writing only 3–4 types when the examiner asks for 'five types of control activities' — always remember all five: Performance Review, Physical Controls, Segregation of Duties, Information Processing, Authorisation.
Reference:
← Previous
Components of ROMM – Inherent
Next →
Controls Relevant to Audit — F
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic