An organization is updating its internal financial procedures to strengthen its fraud prevention measures. Which of the following actions represents a preventive control?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Think of it like this: a preventive control is a locked door. It keeps the bad guys out before they can steal your TV. A dual-signature requirement for big payments is the ultimate locked door. By requiring two people to sign off, you prevent a single bad actor from writing a huge check to their cousin. Auditing expenses later or investigating a breach after the fact are detective and corrective controls—they happen after the damage is done. Got it? Sweet.
Full explanation below image
Full Explanation
Within internal control frameworks, controls are classified based on when they occur in the transaction or event lifecycle. Preventive controls are designed to deter or prevent undesirable events or errors before they happen. Requiring dual authorization (double approval) for financial transactions above a specific threshold is a classic preventive control. It enforces segregation of duties, ensuring that no single individual has complete control over a transaction from start to finish, which significantly reduces the risk of unauthorized disbursements or fraud. In contrast, conducting audits of expense reports is a detective control, as it reviews past transactions to identify violations that have already occurred. Establishing disciplinary committees and launching post-incident investigations are corrective controls because they respond to and remediate issues after they are identified. A comprehensive compliance program utilizes a balanced mix of all three control types.