A corporate finance policy mandates that any disbursement exceeding $10,000 must receive digital authorization from both the department head and the Chief Financial Officer before funds can be released. How is this control mechanism classified?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Think of it like this: you want to buy a high-end server, but it costs twelve grand. You can't just swipe the company card and walk away; the system literally locks up until two different bosses sign off on it. That is a classic preventive control. It steps in and stops the transaction before the money leaves the bank. It's not detective (choice A) because it's not looking at history to find a mistake that already happened. It's not corrective (choice B) because there's nothing to fix yet. It's a barrier designed to keep unauthorized spending from happening in the first place.
Full explanation below image
Full Explanation
A dual-authorization requirement for transactions exceeding a specific monetary threshold is a classic example of a preventive control. Preventive controls are designed to deter or prevent errors, fraud, or unauthorized activities before they occur. By requiring two separate approvals (a 'four-eyes' principle) before funds are disbursed, the organization reduces the risk of unauthorized spending, collusion, or financial misappropriation. Option A (detective control) is incorrect because detective controls identify anomalies after a transaction has already been completed (e.g., post-payment audits or reconciliation). Option B (corrective control) is incorrect because corrective controls rectify errors or violations after they are identified (e.g., reclaiming unauthorized funds or updating thresholds). Option D (retroactive reporting control) is incorrect because it refers to post-hoc reporting, which is a form of detective control rather than a block on outbound funds.