1. General controls make sure an organization’s control environment is stable and well managed. Examples include security IT infrastructure and software acquisition, development, and maintenance controls. 2. Application controls prevent, detect, and correct transaction errors and fraud in application programs. They are concerned with the accuracy, completeness, validity, threat/event - Any potential adverse occurrence or unwanted event that could injure the AIS or the organization. exposure/impact - The potential dollar loss should a particular threat become a reality. likelihood - The probability that a threat will come to pass. internal controls - The processes and procedures implemented to provide reasonable assurance that control objectives are met. preventive controls - Controls that deter problems before they arise. detective controls - Controls designed to discover control problems that were not prevented. corrective controls - Controls that identify and correct problems as well as correct and recover from the resulting errors. general controls - Controls designed to make sure an organizations information system and control environment is stable and well managed. application controls - Controls that prevent, detect, and correct transaction errors and fraud in application programs.