1. Proper authorization of transactions and activities 2. Segregation of duties 3. Project development and acquisition controls 4. Change management controls 5. Design and use of documents and records 6. Safeguarding assets, records, and data 7. Independent checks on performance Focus 7-1 discusses how a violation of specific control activities, combined with internal environment factors, resulted in a fraud. PROPER AUTHORIZATION OF TRANSACTIONS AND ACTIVITIES Because management lacks the time and resources to supervise each company activity and decision, it establishes policies for employees to follow and then empowers them. This empowerment, called authorization, is an important control procedure. Authorizations are often documented by signing, initializing, or entering an authorization code on a document or record. Computer systems can record ab digital signature, a means of electronically signing a document with data that cannot be forged. Digital signatures are discussed in Chapter Certain activities or transactions maybe of such consequence that management grants
