
Explanation:
The Institute of Internal Auditors (IIA) classifies internal controls into four types: preventive, detective, corrective, and directive. Preventive controls are designed to prevent errors or irregularities from occurring. They are proactive controls that help to ensure departmental directives are carried out and that the organization’s objectives are achieved. Detective controls, on the other hand, are designed to find errors or irregularities that have already occurred. Corrective controls aim to correct errors that have been detected, while directive controls guide operations towards achieving the organization’s objectives. Grey’s statement accurately reflects this classification.
Choice B is incorrect. Directive controls do not aim to alert the firm if an incident occurs. Instead, they are designed to guide operations towards achieving set objectives and ensuring compliance with laws and regulations. Alerting the firm of incidents is typically a function of detective controls, which identify and report on incidents that have already occurred.
Choice C is incorrect. The examples provided are not preventive controls but rather detective controls. Preventive controls aim to prevent an incident from occurring in the first place, such as segregation of duties or authorization requirements for certain transactions. Smoke alarms and credit card notifications of potentially fraudulent transactions are examples of detective controls as they identify and report on incidents after they have occurred.
Ultimate access to all questions.
Q.5076 Christian Grey, an FRM Part II candidate, wishes to present on different types of internal controls, the process of internal control design, and control testing in operational risk management. Which of the following statement made by Grey is correct?
A
According to the Institute of Internal Auditors, controls can be of four types, i.e., preventive, detective, corrective, and directive controls
B
Directive controls aim to alert the firm if an incident occurs to accelerate its resolution and limit the impact of the incident on the firm or its stakeholders
C
Examples of preventive controls include smoke alarms and credit card notifications of potentially fraudulent transactions
D
Directive controls are always part of control taxonomies
No comments yet.