Control Activities

Control Activities are a set of rules, procedures, and guidelines that management defines and enforces to reduce business risks, improve performance, and achieve goals. Designed as part of internal controls, these policies safeguard a company’s financial interest, protect its assets, and strengthen company-wide governance.

These controls are part of management directives. Detection, prevention, and correction are a few measures companies take to maintain financial integrity through these controls. Control activities play a key role in a company’s internal control framework. These rules establish the roles and responsibilities of each stakeholder in an organization.

• Control activities refer to the processes, systems, and protocols an organization develops and requires its people to follow to mitigate potential risks or threats.
• Such procedures are set to increase a company’s efficiency through continuous monitoring, modification, and improvement. 
• Based on a company’s unique requirements, various types of controls can be implemented. Prevention, detection, and correction are results companies can achieve by implementing controls.
• These controls enhance accountability, improve reporting procedures, build stakeholder confidence, enhance governance, and boost the efficiency of a business. 

Control activities are guidelines that govern how organizations function. It acts as a guiding principle or tool to regulate work and reduce the risks associated with business. These protocols control and monitor activities within an organization. For example, a firm may use inventory management software and install security cameras to prevent losses or theft.

Organizations can forestall fraud through such measures. Accounting errors and financial mismanagement can be prevented by following standard operating procedures and accounting principles. It must be noted that such internal controls are developed with an organization’s specific requirements in mind, and promoting accountability and a culture of ethical conduct is crucial to its success.

Flowcharts can help design, apply, and implement control activities. For this, companies follow certain steps, which broadly involve the following: 

• Process setup and risk identification: The first step while designing internal control activities starts with the environment itself. It is important to observe the culture within an organization and detect inherent risks based on a company’s business model. After processes are defined, each risk can be independently outlined. When a firm is able to identify such threats, it is possible to develop controls that will help reduce them.
• Stakeholder communication: Companies must communicate how all internal processes and systems work, starting with a discussion on why such measures and systems are important.
• Control objectives definition and alignment: Once risks are identified and ascertained, the next step is to develop measures to reduce these risks based on a company's goals. Setting realistic, time-bound, and achievable goals goes a long way in ensuring effectiveness. 
• Implementation and monitoring: This is a key step in ensuring compliance. For instance, employees must abide by quality control activities to maintain quality and uphold a company’s brand reputation. Assigning roles and responsibilities to internal departments strengthens the business ecosystem. Regular audits and performance reviews help track process control efficiency, progress, and compliance. If improvements are possible, they can be initiated based on such review and monitoring.

Internal control activities include various controls offering preventive, directive, detective, and corrective results. Let us study some of them in this section.

• Segregation of duties and responsibilities: Duties and responsibilities are divided among departments, teams, and employees. Management assigns roles and responsibilities to individuals to reduce errors or mistakes. For example, a company’s accounting department is in charge of tracking all cash transactions.
• Process reconciliation and review: Companies scan operational, accounting, financial, and other forms of data to understand whether processes and systems were followed. This is done with a view to detecting fraud, improving decision-making, enhancing performance, and boosting revenue.
• Authorization and approval: Authorization and approval refers to how employees, teams, and departments initiate and complete tasks only after receiving the required approvals. Such controls require people to follow processes where transactions, tasks, plans, etc., are approved after deliberate review. For example, budgets need to be approved by the right people through the proper channel before they can be finalized and implemented.
• Documentation and recordkeeping: Documenting and recording activities, tasks, transactions, communication (internal and external), agreements, contracts, permits, licenses, penalty notices, etc., are crucial across nearly every industry. It helps management keep an eye on whether a business is compliant since the cost of non-compliance is steep. Companies also require documentation for audits and to avoid potential legal repercussions in case of violations (intentional or unintentional).
• Physical and digital security: Many times, physical measures are implemented for the safety and security of people, assets, inventory, and equipment in the workplace. Installing security cameras, digital lockers, antivirus, cyber monitoring software, etc., is quite common in today’s business scenario. 
• Employee training: Companies prefer training their internal teams, departments, and employees to ensure compliance. Such training sessions familiarize people with company guidelines and internal controls.

Other forms of controls (technological, financial, operational, etc.) include background checks (employees, vendors, etc.), access controls (to data, premises, etc.), physical inspections (inventory, equipment, etc.), firewall installation, data privacy & security protocols, etc. Technology plays an important role today in implementing control measures across organizations.

Let us study some examples of this concept.

Example #1

Suppose Moonstone Apparel Ltd. is a fashion brand. The company has various departments, including marketing, sales, accounting, etc. Each department performs different functions, follows set procedures, and operates according to the guidelines defined for them. For instance, the marketing team promotes the brand and acquires more customers. The accounting team records transactions, monitors budgets, etc. Similarly, all other departments carry out their functions after receiving approvals from the relevant seniors or management representatives. 

If executives at Moonstone Apparel Ltd. stop following internal processes while completing their tasks, the company may be exposed to lapses in compliance and product quality, among several other things. This can affect its brand image and, consequently, its revenue. To avoid such a situation, management directs internal teams to adhere to specified procedures.

It can be said that the controls at Moonstone Apparel Ltd. are effective in mitigating business and operational risks.

Example #2

A January 2024 article discusses how Optimal Industrial Automation, a pharmaceutical company, enforces quality control activities to improve its operations. Matt Jones, an account manager at the company, explained how vision systems were deployed to curb quality issues related to the packaging of Oral Solid Dosage (OSD) drugs.

If blister packets, which are in great demand due to cost and ease of use considerations, are not handled well, OSD tablets packed in them may be damaged. Tablets that are chipped or broken or those that contain foreign objects or particles must be eliminated at all costs to safeguard the company’s financial interest. Hence, the company follows industrial automation techniques to prevent both operational and quality lapses. This ensures that the company packs only those tablets that are fit for consumption.

Through such quality control measures, Optimal Industrial Automation is not only controlling its internal processes but also protecting its reputation, packaging finesse, and corporate image.

In this section, let us discuss the benefits of controls.

• Increases efficiency: They improve business performance. Resource optimization, wastage control, process efficiency, and productivity boost are important benefits of such controls.
• Helps mitigate potential threats: These controls help entities identify, detect, and mitigate risks that could otherwise undermine a company’s business goals. They focus on reducing a company’s vulnerability to financial, operational, reputational, and other risks.
• Enhances accountability and reporting procedures: With various controls in place, the level of accountability increases, and each department, team, and employee follow the defined hierarchy or reporting chain. For example, audit control activities facilitate compliance and accurate reporting.
• Boosts governance and stakeholder confidence: For stakeholders, control activities signify a company's performance. With proper systems, shareholders, customers, and other stakeholders feel safe and develop trust. This is because they are confident in the organization’s commitment to governance and compliance. 
• Defines roles and responsibilities: When every member of a company is clear about their responsibilities, they can perform well and update their skills from time to time. Also, training endeavors become more meaningful.

This article has been a guide to what are Control Activities. Here, we explain the concept in detail, along with its examples, types, and benefits. You may also find some useful articles here -

• Control Framework
• Cost Control
• Test Of Control