Control activities








                    • authorisation;

                    • performance reviews;
                    • information processing;
                    • physical controls; and

                    • segregation of duties.

            • Always remember that you should mainly discuss the control activities
                that are most relevant to the given scenario.





            • What is the difference between identifying a weakness, describing the
                risk and making a recommendation?

            • Weakness       When identifying a weakness, you merely state

            whether  an  existing  control  is  being  performed  incorrectly, and/or


            if an internal control (relevant to the scenario) is not being performed at
                all.