Video: Internal Controls Classification

In this lesson, Nick Palazzolo, CPA, dives into the frameworks of internal controls, especially as they pertain to IT and enterprise risk management. He clearly outlines the three fundamental control types—preventive, detective, and corrective—detailing their functions in safeguarding a company's system. Preventative controls aim to stop errors or fraud before they can happen, detective controls identify issues post occurrence, and corrective controls resolve and repair the damage caused. To further aid comprehension, Nick provides relatable examples and discusses specific measures such as segregation of duties and reformatted input, emphasizing that these controls, while vibrant in variety, essentially serve as vital checks within a company's control environment to ensure accuracy, security, and integrity.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

Alright, internal controls classification. These exist in non-IT, these exist in just enterprise risk management. You've probably seen this before, going to talk about it in audit and in other parts of this exam and it relates specifically to IT as well. In order to have solid internal controls, in this case, particularly for IT, you have preventative controls that hopefully prevent most things. Obviously, in a perfect world, we would prevent everything from happening before it happens, but that is not the world we live in. So it's like a filter, right? It's a filter. If issues get through your filter and continue on, then you at least hopefully have controls to detect them if they happen. So viruses aren't in your system wreaking havoc and stealing money. And then hopefully, in addition to detective controls, you have corrective controls that fix the virus, that allow you to isolate and remove viruses.

We'll talk about these more: preventative controls, which prevent errors and fraud before they occur; detective controls, which uncover the errors and fraud after they've occurred, at least you know about them; and corrective controls, which correct the negative effects of the unwanted events. Examples. Now, some of these are IT related, some of these are not. But just to kind of get an idea of what these would be: segregation of duties, job rotation, training, dual access, authorization and approval, record keeping and custody, segregation of duties, and reformatted input.

So if maybe the system expects to see a number denominated in thousands, but in order to commit fraud, the fraudster needs to input a number that's less than a thousand. So it wouldn't let them do that. Generally, you program your system to expect a certain answer and if it doesn't get that answer because maybe it's

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Information Systems

Module: 3 Concepts, 33 Videos

Understanding IT Overview and Objectives

3:00

IT Governance

11:52

Electronic Data Interchange

2:16

Business Information Systems