 Hello and welcome to this session in which we'll discuss preventive versus detective controls. This topic is covered in many courses but primarily auditing as well as IT information system controls and sometime it's covered in managerial accounting. So what is preventive versus detective versus controls? Well the first thing let's talk about what are controls. Controls are policies and procedures to safeguard assets and minimize financial reporting errors and or fraud. So simply put these are techniques, policies, procedures to do what to make sure your assets are protected and try to minimize or eliminate maybe you cannot eliminate financial reporting errors and fraud. So this is what controls are. Now what do we mean by now preventive controls? Now we're going to look at many examples that deals with control. How would you save your assets? How would you minimize financial reporting? We're going to look at actual example but that's the overall idea. What are you doing to making sure your assets are protected and you are not getting errors into your accounting information system? You're avoiding this. So what are preventive controls? Preventive controls are your first line of defense. In other words you start with preventive controls. It means what? It means you want to prevent the error before it occurs. So you have to have controls and we're going to look at specific examples but you want to make sure you know what preventive is before it happens. So a deter undesirable event from happening from the get-go. So before it happens you try to eliminate that error. That's the most effective control. Why? Because you're not letting the error enter into your accounting information system. The problem with preventive controls is there's an upfront cost. There's design cost. You want to make sure you do it properly and most of the cost is upfront but once it's working then you will minimize those errors and you will prevent you will prevent the errors and you will safeguard your assets. What are detective controls? Think of detective controls as your second line of defense. Well it detected the error after it happens. So now the preventive wasn't good enough. Now you got to the detective. Now you want to find the error after it happens. Well there's a continuous cost here. Why? Because you have to constantly look for the errors because preventive you do it once you set up the system. Detective you keep on looking into your accounting information system to find any errors that has to do with your financial reporting making sure your assets are productive. And the third type of control it's called corrective controls and basically from the word corrective once you find the error. So a preventive did not stop it. You found it in detective. Now what you do is you take corrective action. Correct the negative effect of the error. Maybe you create a new control. Maybe that you overlook that control but now for the corrective you will be able to restore or repair the damage that has been deducted. So those are the three controls preventive, detective and corrective. Specifically I'm going to be focusing on preventive giving you examples of how preventive controls work and giving you examples of how detective controls work. So you need to know when you look at a control what is that control? Is it detective? Is it preventive? And how does it work? Now before we define those and give more examples actually we just define them give more examples. I would like to remind you whether you are a student or a CPA candidate to take a look at my website farhatlectures.com. I don't replace your CPA review course. I don't replace your accounting course. My motto is saving accounting students and CPA candidate one at a time by providing resources, lectures, multiple choice, through false that's going to help you with your courses, understand the material better, which you will excel in your courses, which in turn will help you excel on the CPA exam. This is a partial list of my accounting courses. My CPA material is aligned with your Becker, Roger, Wiley and Gleam. So it's very easy to go back and forth between my material and your CPA review course. If you have not connected with me on LinkedIn, please do so. Take a look at my LinkedIn recommendation. Like this recording. It helped me tremendously. Share it with others. Connect with me on Instagram, Facebook, Twitter and Reddit. So first let's talk about preventive controls. What are preventive controls? Again those are your first line of defense where they're going to prevent the error from happening up front. What type of control can the company implement to have preventive controls? One is authorization. What is authorization? What is authorization? It means you cannot do something unless someone reviews it beforehand. So someone is authorizing the transaction before it occur. It requires management to formally approve certain type of transaction. Now you don't want to do every transaction because it could be time consuming. It could be a costly, but you want to have certain transaction above a certain limit transaction that you think that are sensitive important, haven't authorized by someone else. I'll give you an example. For example, when you want to buy from someone, for example, more than $2,000 or $5,000 or $500, depending on the size of the company, you cannot make that purchase unless someone authorized this transaction. For example, before you pay your employees, someone authorizes this process, review their time card, make sure they work the hours that they're supposed to work. Usually that's a supervisor and the supervisor will authorize it, then someone will pay it. Another preventive control is called segregation of duties. What is segregation means? Segregation means dividing or separating the responsibilities. Duties are responsibilities. So what you want to do when you have a transaction, you want many people involved in this transaction. You don't want one person taking a transaction from A to Z. Why? Because there's no checks and balances. So segregation of duties is a preventive control. By segregating the duties, you make sure people are looking over each other's shoulder, not only looking over each other's shoulders, that's not the point. The point is to check each other's work, checks and balances. So what you do is you want to segregate three things, authorization. So the people that authorize the transaction cannot record the transaction. Why? Because if you authorize it, you want someone to record it to make sure it was authorized properly. If you can authorize it and record it, it defeats the whole purpose of authorizing. Same thing with recording. If you can record the transaction and authorize it, it means you can record anything you want to. You cannot record anything you want to because you need authorization beforehand. So authorization, recording, and the third separation of duties, the third element is custody of the asset. So if you have custody of the asset, and let's assume cash. Well, if you have custody of the cash, you cannot authorize any transaction, you cannot record any transaction. And the same concept, if you can record the transaction, you cannot have authorization to the cash or any other asset, cash inventory or any other asset for that matter or a count receivable. Why? Because if you can do all three things at the same time, you can steal from the company and cover your tracks. So that's the purpose of segregating or separating the responsibilities related to authorizing, recording, and maintaining custody of the asset. You would reduce fraudulent payment, which is basically theft. Third preventive control is physical guards and physical safeguards. And here, hopefully, you can use your imagination. What are we talking about here? We're talking about fences, cameras, locks, sensors, physical barriers to protect the asset. Why? Because you don't want to have people have access to the assets easily because it can be misappropriated. The technical word misappropriated, the simple word theft. You want to prevent theft. So that's what you do. No one can access the cash unless they are authorized. No one can access the inventory unless they're authorized. This is what you do. So those are some preventive controls that the company can make to safeguard of the asset and minimize the error in the accounting system. What are some other preventive controls the company can do? A job rotation. Don't keep the same person, especially in the accounting department, doing the same job repeatedly. Have someone else switch people from accounts payable to inventory or from inventory to cash, switch their responsibilities. So this way they can review each other's work. Proper hiring and training of employees. That's a preventive control right from the get go. When you hire someone, you vet them. You vet them. You look at their background. You look at their education. You make sure they're qualified and make sure they're competent. Also train them. So this way you prevent errors from happening from the beginning. You could also have what's called pre-formatted input. For example, there are certain items that the employee cannot change. The date of the transaction. It's automatically there if it's a computer system and other inputs as well. But again, the point is to prevent errors from happening upfront. Also having an information security system. An information security system can be considered both. It have a preventive measures and detective measures. Here we are. We are talking about a control such as passwords. So if you are an AP clerk or an AR clerk, you can only access that module in the system. Or if you work in payroll, you access that module access logs. You can know who access what at what time and what did they do. You can review the logs to ensure appropriate data restriction because you don't want access. You don't want to give access to everyone in the company for everything in the company. So information system could be considered preventive right from the get go or like access logs is detective. You can go back and find out what happened. Let's talk about detective controls. The first thing is in detective controls is you have to maintain records. You have to have a policy that we want to keep those records for three years for five years emails documents purchase order sales order so on and so forth because if you have no record, then how can you detect something if you don't have the evidence to look at? So maintaining written or electronic evidence to support transaction. If you don't have a policy, you should have a policy. How long should I keep those records? Five, seven. Now for publicly traded companies, they are required for a certain amount of time to keep those records. But even if it's a small company, you should have your own policy. Performance review. You're reviewing other people's work. How would you do it? Comparing actual performance to various benchmark to identify any unexpected results. You can do variance analysis. You can do budget actual versus actual versus budgeted. Those are performance review to detect anything that's unusual going on with the company. So you should always review the transaction comparing the performance to some standard to some benchmark. Why to detect anything that's going on wrong reconciliation is an important detective control as well. What is reconciliation relating data set to one another to identify and resolve discrepancy? The best example of reconciliation is a bank reconciliation. In a bank reconciliation, you would look at your bank statement and you will compare your bank statement to your general ledger for cash. And what you do is you compare everything on both to make sure because they should be the same. Those two, your bank statement and your cash general ledger should have the same figures. So you want to make sure everything in your bank statement is properly recorded in your general ledger and everything in your cash general ledger is also recorded in the bank statement. Because of the timing differences, what you have to do on a monthly basis, you have to prepare a bank reconciliation. Now, if you go to my intermediate accounting course, I have or my financial accounting to farhatlectures.com, I have lessons and examples about how a bank reconciliation work. But a bank reconciliation or any form of reconciliation, this is one example of a reconciliation. Also, you can add up all your individual general ledger, sub ledger account receivable, all the customers and compare that to the general ledger account receivable to make sure all the customers are being accounted for in the account receivable. That's another form of a reconciliation. Reconciliation is very common in accounting. You really need to know how to perform reconciliation. You could have many other detective controls that are IT in nature, information technology in nature. Those are batch total, hash total, check digits, limit digits, validity checks. We're not going to cover them in this session because this session is very general. But if you're looking more on IT control, go to my audit course farhatlectures.com where I discuss these topics in detail where I have IT controls. Also, you have to understand there are limitations of control or controls. What are the limitations? Mainly, there are two limitations for control. One is cost benefit. Yes, the company can have enough segregation of duties, enough IT controls to prevent errors from happening. But sometime, the cost of having maintaining a control is very expensive relative, very costly relative to the benefit. So there should be a cost benefit. It doesn't mean cost benefit is the only driven aspect of having a control. But you have to look at, you know, how much should I spend on this? Is it worth it? If you have inventory worth worth of 5,000, how much you will spend to safeguard that inventory? Will you spend 20,000? Will you spend 1,000? You have to have a cost benefit. What is my cost? What's my benefit? Another limitation of internal control. Limitation means the internal control is not working as as properly as it should. Like all the controls is collusion. Well, let's assume you segregated the transaction between three different individuals to make sure they are looking over each other's work. What happened if the of those individuals collude with each other? Now three, it's harder. Maybe two, it's easier. But the more people you have involved, the better off you are, unless those people are working together to defeat the internal control, then the internal control becomes baseless, useless, and it doesn't work as it should work. What should you do now? Go to farhatlectures.com, whatever course you are taking, if it's auditing or managerial accounting and work multiple choice questions. To reinforce those concepts, what we just learned. Accounting is an investment. Don't shortchange yourself. Subscribe, study hard, good luck, and of course, stay safe.