An internal auditor is conducting an assessment of the organization's fraud controls. Which of the following would not be considered a preventive control?
1. Daily report that identifies unsuccessful system log-in attempts.
2. Weekly management communication with tips on identifying possible fraud.
3. E-mail alert sent to management for checks issued over $100,000.00.
4. New hire training to explain fraud and employee misconduct.
Preventive controls are designed to prevent fraud before it occurs. A daily report that identifies unsuccessful system log-in attempts and an e-mail alert sent to management for checks issued over $100,000 are examples of detective controls that identify potential issues after they have occurred. Therefore, 1 and 3 would not be considered preventive controls.
preventive control is the control the identity possibility of fraud before it is happens 1 @ 3 it is detective control which is mentioned after the fact
Daily report that identifies unsuccessful system log-in attempts. - How this is a preventive control is report is generated after the log-ing. What with successful which would result in fraud act.
The question is "not" to be considered as preventive control.