The activity-level controls. An organization consists of various departments and each department comprises of various sub-departments or units. For example, a financial department may comprise of different sub-departments such as financial reporting, taxation, budgeting, payments, etc. 

Activity-Level Controls

Activity-level controls are embedded in departments, sub-departments, or processes. They are designed and implemented by management. Activity-level controls protect the specific department or process from a variety of risks and threats. 

Activity-level controls are developed for the different departments and functions of the organization such as finance, marketing, manufacturing, sales, research and development, operations, treasury, etc. Activity-level controls are designed and implemented to identify threats and mitigate the process-level inherent risks. Each sub-department has different processes such as a payments sub-department, which typically has processes such as receiving invoices, checking balances, preparing payment advice, taking approvals, and making payments to vendors.

Similarly, the compliance department of an organization may have different sub-departments or processes such as the anti-money laundering (AML) department, internal controls department, regulatory compliance department, etc. All these sub-departments of compliance must have defined processes and controls. For example, the AML department performs transaction monitoring and investigates the alerts generated by the AML monitoring system on breaches of customers’ transaction thresholds set by management. Generation of automatic alert by AML monitoring system, on breach of transaction threshold, is an activity-level control. 

Such controls relate to a class of transactions, account balance, or financial statement assertion. Account balance may be sales account, purchase account, revenue account, receivable account, etc. Controls are built into this class of transactions and account balances to ensure that financial reporting and statements are prepared honestly and fairly. Activity-level controls ensure that errors and frauds in the business processes and transactions are identified on a timely basis. 

Implementation of activity-level controls in the processes and departments provide employees with a structured approach to perform their duties and responsibilities. All the employees and staff are required to follow the processes and embedded controls. The activity-level controls impact how employees and staff perform their duties and responsibilities on daily basis. Irregularities in transactions and activities are highlighted through the application of activity-level controls. The development and implementation of activity-level controls are an important part of the overall internal control system of the organization. 

Examples Of Activity-Level Controls

Let’s discuss some examples and selected best practices of activity-level controls.

Approval to Purchase Fixed Assets

Management develops the purchase process where all requisitions for fixed asset purchases are required to be approved by the head of finance. The requirement of taking approval to purchase fixed assets from the head of finance is an activity-level control.

Preparation and Review of Bank Reconciliation Statement

Another example is where the accounts officer is required to prepare the bank reconciliation statements and get them reviewed by the head of finance. The purpose of a bank reconciliation statement is to identify the differences between the bank balance and the balance shown by management in the cash book of the organization. Preparation and review of bank reconciliation statements is an activity-level control.

Variance Analysis

Preparation of the annual budget is a significant activity in any organization, which requires the use of judgments, facts, and predictions. The budgeting department of the organization prepares the budget and gets it approved by the board of directors. The budgeting department is usually required to monitor the budget during the year and to identify the variances between the budgeted amounts and actual results. Variances may be due to various factors such as higher inflation rates than predicted at the time of preparation of the budget and currency devaluation. Performing variance analysis periodically is an example of an activity-level control. 

Activity-Level Controls Purpose

Activity level controls are concerned with a specific type of transaction, account balance, or financial statement disclosure. A business typically has three to six major distinct business activities, which may include:

• Revenue recognition/cash collection/sales/accounts receivable
• Purchases/receivables/expenses/cash disbursements
• Inventory
• Interest/debt expense
• Hiring/payroll

Controls in each of these activities will impact a smaller portion of the financial statements and will have a direct impact on the nature and timing of other auditing procedures for that activity. The following is an overview of activity level controls:

• Accounts payable transaction processing should be separated from bank reconciliations.
• New vendor approval requirements
• Account reconciliation on a regular basis
• Policies for time card approval
• Changes in pay rates must be approved

Under the new standards, auditors must assess whether the design of internal controls is such that the combination of controls is capable of detecting or correcting material misstatements in financial statements. Understanding the nature of a control allows for an effective risk assessment, which in turn allows for an effective and efficient audit strategy.

Final Thoughts

Under the new standards, auditors must assess whether the design of internal controls is such that the combination of controls is capable of detecting or correcting material misstatements in financial statements. Understanding the nature of a control allows for an effective risk assessment, which in turn allows for an effective and efficient audit strategy.