Question

We can classify a company's control procedures into three major types: preventive controls, detective controls, and corrective controls.

What is the difference between prventive controls, detective controls and corrective controls?

Answer 1

the internal control shield is composed of three levels of control: preventive controls, detective controls, and corrective

controls. This is thePreventive-Detective-Corrective (PDC)control model.

Preventive Controls.

Prevention is the first line of the defense in the control structure.

Preventive controls are passive techniques designed to reducethe frequency of occurrence of undesirable events.

Preventive controls force compliance with prescribed or

desired actions and thus screen out aberrantevents.

When designing internal control systems, an ounce of pevention is most certainly worth apound of cure. Preventing

errors and fraud is far more cost effective than detecting and correcting problems after they occur. The vast majority of

undesirable events can be blocked at this first level. For example, a well designed source document is an example

of preventive control. The logical layout of thedocument

into zones that contain specific data, such as customer name, address, items, sold andquantity, forces that clerk to enter the necessary data. The source documents can therefore

prevent necessary data from being omitted. However, not all

problems can be anticipated and prevented. Somewill elude

the most comprehensive network of preventive controls.

Detective Controls.

Detective controls form the second line of defense.

These are devices,techniques,and procedures designed to identify and expose undesirable events that elude preventive controls.Detective controls reveal specific types of errors by comparing actual occurrences to pre-established standards. When the detective control identifies a departure from standard, it sounds an alarm toattract

attention to the problem. For example, assume a clerk entered the following data on a customersales order: quantity 10;

Price $10; Total $1000Before processing this transaction and posting to the accounts, a detective control should recalculatethe total value using the price and quantity. Thus the error in total price would be detected.

Corrective Controls.

Corrective controls are actions taken to reverse the effects

of errors detected in theprevious step/ There is an important

distinction between detective controls and corrective controls.Detective controls indentify anomalies and draw attention to them;corrective controls actually fix theproblem. For any

detected error, however, there may be more than one feasible

corrective action, butthe best course of action may not always be obvious. For example, in viewing the error above, your

firstinclination may have been to change the total value on the document are correct; they may not be. Atthis point, we cannot determine the real cause of the problems; we know only that one exists.Linking a corrective action to a detected error, as an automatic response, may result in an incorrectaction that

causes a worse problem than the original error. For this reason, error correction should beviewed as a separate control step

that should be taken cautiously.The PDC control model is

conceptually pleasing but offers little practical guidance for

designing specificcontrols. For this, we need a more precise

framework. The current authoritative document for

specifying internal control objectives and techniques is the statement on Auditing Standards No. 78, which is basedon

the COSO framework.