What is a generic control?
To begin, it is worth reiterating a basic but fundamental point: a strong system of internal controls is a necessary prerequisite for successfully preventing and deterring fraud in any organization. Other important factors include appropriate remuneration and incentive schemes for managers and employees, but strong internal controls are the foundation of an effective anti-fraud framework.
What Is A Generic Control?
Generic controls are the foundation of the overall internal control system built to prevent and detect fraud incidents and risks. They are applied in every process and department. Generic controls aim to segregate functions and duties and to bring transparency to the processes and activities of the organization.
Segregation Of Duties
Segregation of duties means that management defines the job roles and activities and divides them among employees according to their level of expertise. It reduces or minimizes the risk of errors and fraud. For example, duties associated with the handling of cash in a bank are often segregated. Segregation of duties is also relevant to departments and functions. For example, in an organization, the internal audit department is segregated from the finance department, with a reporting line directly to the board audit committee.
Delegations Of Authority And Authorization Limits
Management defines different authorization and approval limits for different departments and functions of the organization. Management and employees are required to comply with these authorization and approval limits, which are approved by the board and senior management.
For example, an officer may be authorized to buy assets up to the value of $100, but for assets costing more than $100, the asset purchase may have to be approved by a senior manager.
Another example related to authorization is the requirement that the departmental head authorize the acquisition of any asset, or of any asset above the value of $2000.
Authorization and approval limits are periodically reviewed so that the assigned limits can be amended where necessary. Periodic review is needed because employees resign from the organization, and the authorization rights previously granted to the resigned employee are then assigned to the new joiner or backup employee.
Risk prevention consists of measures and actions taken in advance to prevent or impede the development and strengthening of new risks. This entails avoiding latent hazards and vulnerabilities. Risk prevention, when viewed in this light, falls under Prospective Risk Management. Because absolute prevention is rarely possible, prevention has a semi-utopian connotation and should be viewed through the lens of what is considered acceptable risk, the level of which is socially determined.
All measures taken under statutory provisions and other regulations to ensure occupational safety and health protection at work, as well as other measures taken by the employer to prevent or eliminate risks, or to lessen the impact of risks that cannot be eliminated.
Internal fraud has a broad definition. It is thought to happen when a current or former employee steals, modifies, or destroys business information such as customer data or assets such as computer software or physical assets for personal gain. It could involve extortion from or collusion with other individuals, or it could involve falsification of financial or other company records.