[1] Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
1 Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (Executive Summary, May 2013), pg. 4.
Principles
10. Select and develop control activities to diminish risk
11. Select and develop general controls over technology
12. Deploy control activities through policies and procedures