Insufficient internal control over assets increases the vulnerability of those assets to abuse.

For example, abuse of assets may result from the presence of the following considerations:

Insufficient application of the principle of separation of duties or lack of independent controls.
Insufficient oversight of senior managers ' expenses, such as travel and other reimbursable expenses.
Inadequate supervision by management of personnel responsible for assets, for example, inadequacies in the direction, supervision or monitoring of activities in remote locations.
Lack of research conducted during the recruitment of employees with access to assets.
Lack of records held on assets.
Lack of authorization and approval system for transactions (for example, in purchasing).
Lack of physical protection measures for cash, securities, stocks or property, plant and equipment.
Lack of full and timely reconciliation of assets.
Timely and accurate documentation of transactions such as returns of commercial goods.
Lack of mandatory permits for employees performing key control functions.
Management does not have sufficient information about it, leading to IT employees misusing assets.
Insufficient access controls on automatic records, including controls on system records (logs) and their review of transactions occurring in electronic environments.