Control activities

Control activities mitigate the risks identified and ensure accurate and reliable financial reporting as well as process efficiency.

Control activities include both general and detailed controls aimed at preventing, detecting and correcting errors and irregularities. In the ECS, the following types of controls are implemented, documented and tested:

Manual and application controls – to secure that key risks related to financial reporting within processes are controlled.
IT general controls – to secure the IT environment for key applications.
Entity-wide controls – to secure and enhance the control environment.

Control activities – Example

Process	Risk assessed	Control activity
Closing Routine	Risk of incorrect financial reporting.	Reconciliation between general ledger and accounts receivable sub-ledger is performed, documented and approved.
Manage IT	Risk of unauthorized/incorrect changes in the IT environment.	All changes in the IT environment are authorized, tested, verified and finally approved.
Order to Cash	Risk of not receiving payment from customers in due time.	Customers’ payments are monitored and outstanding payments are followed up.
Order to Cash	Risk of incurring bad debt.	Application automatically blocks sales orders/deliveries when the credit limit is exceeded.