The Control Activities component establishes the policies, legal provisions and control procedures necessary to manage and verify the quality of management, its reasonable safety with institutional requirements, for the fulfillment of the objectives and mission of the organs, agencies, organizations and other entities
The control activities are applicable to all types of operations, those that contribute to the reliability of the financial information and the compliance with the legal provisions corresponding to the development framework of the activity, as well as to the verification of economic transactions or operations. that give coverage to the objectives and goals regarding their accuracy, authorization and accounting record in accordance with the Cuban standards established for this purpose, with a continuous improvement approach.
It is structured in the following standards:
a) coordination between areas, separation of tasks, responsibilities and levels of authorization: the Internal Control System to be effective requires adequate interrelation and coordination of work between the areas that execute the processes, activities and operations; each operation needs the authorization of the authorized authority and must be specifically defined, documented, assigned and communicated to the person responsible for its execution. a balance is established between the separation of tasks and responsibilities and the cost of dividing the assigned functions or tasks, which must be documented in the case of not being able to fulfill and implement alternative controls that reasonably ensure the adequate performance of those responsible.
b) documentation, timely and adequate registration of transactions and events: all transactions, operations and economic events carried out must have documentary support, be reliable and guarantee traceability; The safeguarding of the minutes of the collegiate management bodies and of the assemblies with the workers for the analysis of efficiency must also be guaranteed. The documents may be in printed or digital format, as determined by the entity, except as expressly regulated by the governing bodies and agencies. Transactions or events must be executed in accordance with the general or specific authorization of the administration and recorded according to their classification, at the time of their execution, to guarantee their relevance, opportunity and usefulness.
c) restricted access to resources, assets and records: access to resources, assets, records and receipts must be protected, with permits granted only to authorized persons, who are required to sign minutes with which they are responsible for its use and custody. The assets are duly registered and the physical stocks are checked against the accounting records to verify their coincidence and prevent risks of theft, waste, misuse or other irregularities.
d) staff turnover in key tasks: staff turnover, whenever possible and agreed by the collegiate management body, can help avoid the commission of irregularities, allow greater efficiency and effectiveness of operations and prevent a worker be responsible for key aspects inherent to their functions for an excessive period of time in the function or position. The workers in charge of these tasks are periodically employed in other functions. In the case of those organizational units that because of having few workers, it is difficult to comply with this norm, it is necessary to increase the periodicity of the supervision and control actions.
e) control of information technologies and communications: the organs, agencies, organizations and other entities that have information and communications technologies, integrate and reconcile the Information Security Plan with its Control System Internal, in which the appropriate control activities are defined based on the importance of the assets and information to be protected, in correspondence with current legislation, considering the risks to which they are subject; the access permits to the different levels of automated information, which must be registered by means of the corresponding document, duly signed.
f) performance and performance indicators: the organs, agencies, organizations and other entities set their performance and performance indicators of qualitative and quantitative type according to their characteristics, size, production process of goods and services, resources, level of competence and other elements that distinguish it, in order to assess compliance with the objectives set. With the information obtained, the corresponding actions are taken to improve performance and performance.