By regularly analyzing risk, business owners and executives can better understand and manage the likelihood and potential impact of fraud. In general, there are two types of business risk: inherent and residual. Inherent risk is what exists before management takes steps to mitigate the organization’s exposure. Residual risk is what remains after management has implemented internal controls to reduce and manage threats. Because no program of internal controls can possibly eliminate all threats, residual risk is always a reality. But there are ways to mitigate it. 4 types of internal controls Internal controls generally fall under one of the following categories: Detective. This type is designed to detect fraud already occurring. For example, you might generate a report that lists checks issued twice for the same invoice. Preventive....