The COSO framework also defines principles of control activities. The control activities, remember that's one of the components of internal controls. Well, this is the big chunk. This is where most of our stuff happens for internal controls. These are the procedures we put in place, the policies. This is where we're actually having our internal controls function. Let's check this out in a little more detail. So remember, the control activities, these are the foundation of the internal control efforts of the company. Right? So let's talk about the 6 principles that the COSO framework, the framework that defines how to make effective internal controls. Well, let's discuss what those principles are.
The first one is the establishment of responsibility. Okay. So for any task, there should only be one person responsible for a given task. Okay? That way we know who was responsible. It can't be like, oh, you know, who counted the cash in that register? Well, there was one person who was responsible for that task, right? They were assigned that task, they were supposed to count the cash, so if there is any misstatement in that cash register, we know whose responsibility it was. Okay? So that one's pretty easy. Let's go on to the next one, the separation of duties. Separation of duties, this is one of the biggest topics in internal controls that they love to talk about, and this is to make sure that more than one person is necessary to complete a task, right? So notice that the establishment of responsibility is that each person has their own specific job, right?
But when we think of a whole big task like purchasing inventory or something, right, each little portion of that big idea of purchasing inventory, well each of those needs to be separated to a different person, okay? So let's think about an example here. There's going to be 1 employee who purchases goods, not purchases, orders the goods, sorry. There's one employee that orders the goods, verifies the receipt of the goods, and pays the supplier. So think of a situation where there's a company that has one person that does all of these tasks, okay? They call a supplier and order the goods, they get the goods, they verify that they got there and then they pay the supplier as well.
This is a huge risk in internal controls, let's see why. So what could be possible fraud? Well, when the employee makes the orders, right, the employee could order from a particular supplier because they are friends. Right? He might just pick hey, you know, me and this guy go way back, I'm going to order from him, you know, regardless of the price or the quality. Right? When we think about the company, the company would be very objective and pick the best supplier for them based on price and quality factors such as that, not just like oh, we're on friendly terms with this guy. I'm gonna order from him anyway. So that's not good, right? That's not making the best decision for the company.
How about another one? Well, the company may pay false or inaccurate invoices because the invoices are not verified outside of this person, right? So this person could just order, you know, fake goods, they could just write up an inventory, they're the ones who verify the receipt. They could say, yeah, that stuff got here, right? Yeah, yeah, yeah, and they can pay basically themselves. They can make an account, a fake invoice in the system, and pay themselves, right, because there's nobody outside verifying this information or the employee could just steal straight-up. The employee could just steal the goods from the company, right? They're in charge of all of the processes related to inventory. There's nobody who is going to be able to stop them. Okay? So what's a possible solution? Well, we have obviously separation of duties, right? Separation of duties. Okay? And to do that, we hire 3 employees, or we have 3 employees, each one responsible for one of these tasks, right? So we would have one employee who orders the goods, right? So to be able to place that order they would have to have the verification that this is the supplier we want to order from and then there's another separate employee who's receiving the goods and that separate employee makes sure that the order matches with the received goods, right? So now they have a they're separate from the first person, so the first person couldn't just fake an order, right, because there's another person who's going to verify that order and then there's the last person who's paying the supplier, right? So notice how there's all this separation that makes sure that one person can't just steal from the company. Right? So the separation of duties, that's a huge part of our internal controls.
So let's go on to the rest of these principles of our control activities. They're all pretty simple, so we can kind of just go on pretty quickly. Documentation procedures. So we might have talked about this already about using pre-numbered documents, right, to make sure that all documents are accounted for. So a very good example, this is using checks that are numbered, so you might have check 101, 102, 103, 104, 105, right? So if you look in your checkbook and you see or you look in the records and you see and maybe that was a voided check, right, what could have been the issue with check 103, or maybe the accountant, right, wrote the check to his own personal bank account and then didn't put it in the records, but this pre-numbered make sure that our records are complete. Right? So pretty simple documentation procedures.
Physical controls are pretty easy as well. So physical controls, this is literally locking the door. Locking the door. Having a safe for cash, right? A password. Anything that's physically keeping people out, right? Okay. So pretty easy. Independent internal verification. So this is basically some sort of internal auditing procedure where a separate employee periodically checks another employee's work, right, just to make sure that everything is going all right and usually you want to do this kind of like on a surprise basis, right, where they just like, okay, today's your check, They walk in and they check your stuff, so you can't really prepare or hide stuff if you were committing fraud. Right? So remember, all of these activities, everything we're talking about is to help prevent fraud.
And last is human resource controls, right? So the HR department could also have controls like bonding. So bonding employees, this isn't some sort of fetish thing, no. Bonding, this has to do with insuring employees who handle cash. Okay. So any employee who handles cash, you get insurance for them just in case they steal cash, well you're insured against it. Another benefit of this bonding is that the insurance company is going to do some sort of background check to make sure that the employee is, you know, worth insuring for them. So that gives a little extra security. Next, this one's really interesting is mandatory vacations. This is a really cool one. Mandatory vacations are good because it's usually when an employee is on vacation that fraud is discovered. Think about it, they're at work all the time and they're committing fraud, maybe they're siphoning money out of the company's bank account. Well, nobody's really checking on what they're doing until they leave on vacation and someone does their job for them, right? Now someone comes in and does their job and they're like, hey, something looks weird here and they get caught out. It's actually very true that a lot of fraud gets discovered while the employee is on vacation, so a mandatory vacation that's going to help discover fraud. Last is background checks, right? Obviously, there's an obvious advantage to doing a background check before you hire an employee. You're going to hire more honest people when they have a clean record. Cool? Alright. So that's about it here. Let's go ahead and move on to the next video.
