Control activities are the policies and procedures management has implemented in order to ensure that directives are carried out.

Control activities that may be relevant to a financial STATEMENT audit may be classified into the following categories:

• Performance reviews, including comparisons of actual performance with budgets, forecasts, and prior period results.
• Information processing. Controls relating to information processing are generally DESIGNED to verify accuracy, COMPLETENESS, and authorization of transactions. Specifically, controls may be classified as general controls or application controls. General controls might include controls over data center operations, systems software acquisition and maintenance, and access security; application controls apply to the processing of individual applications and are designed to ensure that transactions that are recorded are valid, AUTHORIZED, and complete.
• Physical controls, which involve adequate safeguards over the access to assets and RECORDS, include authorization for access to computer programs and files and periodic counting and comparison with amounts shown on control records.
• Segregation of duties, which is designed to reduce opportunities that allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of his or her duties, involves assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets.

Control activities are the policies and procedures management has implemented in order to ensure that directives are carried out.

Control activities that may be relevant to a financial statement audit may be classified into the following categories: