AUCKLAND · FACULTY OF ACCOUNTING

BUSACT702 · Accounting Information Systems

- one subject, every graph, every model, every mark
Accounting14 Chapters9-page Bible
Our own words - no uploaded lecturer files
Updated for this semester
Chapter 4 of 11 · BUSACT 702

Internal Controls: Activity -> Risk -> Control

This chapter is the second core skill of University of Auckland BUSACT 702: evaluating a process for control. You learn the purpose and types of controls (preventive, detective, corrective), the activity -> risk -> control technique for working through a process one step at a time, and key principles such as segregation of duties. Alongside the flowchart, 'read this narrative, identify the risks and recommend controls' is a standard assessed task, delivered as a three-column table.

In this chapter

What this chapter covers

  • 01Purpose of internal control: safeguard assets, ensure reliable records, promote efficiency and compliance
  • 02Control types: preventive (stop it happening), detective (find it after), corrective (fix it and prevent recurrence)
  • 03The activity -> risk -> control technique: for each activity, name the risk/weakness, then the control that corrects it (a three-column table)
  • 04Segregation of duties: separate authorisation, recording and custody so no one person controls a whole transaction
  • 05Recurring controls: independent authorisation, sequential (pre-)numbering of documents, exception reporting, blind purchase orders, three-way match
  • 06More controls: credit checks and limits, periodic stocktakes, independent master-data maintenance, dual signatories, regular bank reconciliations, edit/validity checks, barcodes/RFID
  • 07Anti-fraud/anti-kickback controls: gift and conflict-of-interest policies, job rotation, enforced annual leave, supplier audits
  • 08How controls read off a flowchart: a documented weakness (e.g. one person doing sales, billing and shipping) is a segregation-of-duties finding
Worked example · free

Spotting a control weakness and recommending the fix

Q [4 marks]. At a distributor, one clerk, Nancy, prepares the sales order, produces the invoice AND arranges shipping; a sales order is prepared whether or not the customer's remittance has been received. Working activity by activity, identify the two control weaknesses and recommend a control for each.
  • +1Weakness 1 — segregation of duties. One person (Nancy) controls sales order, billing AND shipping — three duties that should be separated. Risk: she could create fictitious sales, ship goods to a favoured party and bill incorrectly with no independent check.
  • +1Control for 1. Segregate the duties: assign order entry, billing and shipping to different people (or add independent review/authorisation of each step), so no single person both records and has custody of the transaction.
  • +1Weakness 2 — order prepared regardless of remittance. Preparing a sales order without confirming the remittance/credit position risks selling to non-paying customers and overstating receivables.
  • +1Control for 2. Require an independent credit check / credit-limit approval before the order is created, and match the order to the remittance or an approved credit line; use accounts-receivable ageing and exception reporting to catch overdue accounts.
Weakness 1 = concentration of sales, billing and shipping in one person -> segregate the duties / add independent authorisation. Weakness 2 = orders prepared without checking remittance/credit -> require an independent credit check and credit-limit approval before order creation.
Sia tip — Run the table in order: activity, then risk, then control — never jump straight to a control. Segregation of duties is the most-rewarded finding, so whenever one person authorises, records AND holds custody, flag it first.
Glossary

Key terms

Preventive control
A control that stops an error or fraud before it happens — e.g. requiring authorisation before a payment, or a credit check before a sale.
Detective control
A control that finds an error or fraud after it has happened — e.g. a bank reconciliation, an exception report or an independent stocktake.
Corrective control
A control that fixes a problem once detected and prevents its recurrence — e.g. re-running a failed batch and adding an edit check.
Segregation of duties
Separating the authorisation, recording and custody of a transaction across different people so no one individual can commit and conceal an error or fraud.
Three-way match
Matching the purchase order, the goods-received (receiving) report and the supplier invoice before payment, so you only pay for goods ordered and received at the agreed price.
Exception reporting
A detective control that flags transactions falling outside expected parameters (e.g. an over-limit order or an unusually large payment) for review.
FAQ

Internal Controls: Activity -> Risk -> Control FAQ

What is the activity -> risk -> control technique?

It is the course's method for evaluating a process: take each activity in turn, name the risk or weakness at that step, then state the internal control that corrects it. You present it as a three-column table across the whole transaction cycle.

What is the difference between preventive, detective and corrective controls?

Preventive controls stop a problem before it happens; detective controls find it afterwards; corrective controls fix it and stop it recurring. A strong system layers all three.

Why is segregation of duties so heavily emphasised?

Because concentrating authorisation, recording and custody in one person is the single most common and most dangerous weakness — it lets someone both commit and conceal a fraud. It is the finding the cases are built to expose, so flag it whenever you see it.

How do I find controls from a flowchart or narrative?

Walk it step by step. At each activity ask: what could go wrong here (the risk), and what control would prevent, detect or correct it? Common answers are segregation of duties, independent authorisation, sequential numbering, three-way match, credit checks and bank reconciliations.

Can Sia drill me on risk-and-control analysis?

Yes — paste a process narrative and Sia will build the activity -> risk -> control table with you and check your reasoning, as a study aid. It does not complete graded assessments for you; University of Auckland academic-integrity rules apply.

Study strategy

Exam move

Build a controls memory sheet you can apply to any narrative: the three control types (preventive/detective/corrective) and the recurring controls (segregation of duties, independent authorisation, sequential numbering, blind POs, three-way match, credit checks, stocktakes, bank reconciliations, exception reporting, edit checks). Then drill the Porcelain and Polyanna style cases: for each activity write risk then control, in a strict three-column table, always leading with any segregation-of-duties breach. Practise reading controls straight off a flowchart, because the secure test can ask you to critique as well as draw. Confirm which cases and depth your quarter emphasises on Canvas.

Working through Internal Controls: Activity -> Risk -> Control in BUSACT 702? Sia is AskSia’s AI Accounting tutor — ask any BUSACT 702 Internal Controls: Activity -> Risk -> Control question and get a clear, step-by-step explanation grounded in how BUSACT 702 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + your other AUCKLAND subjects - and 1,000+ Bibles across every Australian university.
Sia - your BUSACT702 tutor, unlimited, worked the way the exam marks it
The full 9-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
BUSACT702 · Accounting Information Systems - independent study guide on the AskSia Library. More AUCKLAND subjects · Microeconomics across all universities
Unlock the full BUSACT702 Bible + your other AUCKLAND subjects解锁完整 BUSACT702 Bible + AUCKLAND 全部科目
$25/mo