Question

1. Authorization and approval controls: These controls ensure that only authorized individuals can access or perform certain activities. For example, requiring a manager's approval for a purchase order before it is processed or creating unique user accounts with limited access rights to sensitive financial information.

2. Segregation of duties controls: This control ensures that no single individual has complete control over a transaction from initiation to completion. For instance, separating the roles of recording transactions, authorizing payments, and reconciling bank statements to reduce the risk of fraud or errors.

3. Physical controls: These controls help protect physical assets, such as securing access to restricted areas, implementing surveillance cameras or security guards, and using locks or safes for valuable items.

4. IT controls: These controls are designed to protect and ensure the integrity, availability, and confidentiality of information systems. Examples include implementing firewalls and antivirus software to protect against unauthorized access, regularly backing up data, and segregating development and production environments to prevent unauthorized changes to systems or applications.