According to CSU-Global (2016), internal control is a process that requires a series of ongoing activities and actions and can only provide reasonable assurance that all of the organization's objectives will be achieved . Therefore, management must establish control activities that are effective and efficient within the company and include controls over technology. According to Turner & Weickgenannt (2013), there are five control activities such as: transaction authorization, separation of duties, adequate records and documents, security of assets and documents, and independent audits and reconciliations. According to the auditor, only one employee performed all of the different tasks at Norton Corporation, and that employee authorized changes to the total stock amounts recorded by the computer. In any organization, work-related procedures and activities must be performed through specific authorization from a manager before any transaction can be completed. Furthermore, it was unclear whether the company's employees were well trained and understood when general or specific authorization was required or not. The manager must establish the separation of duties, authorization process and practice to ensure that guidelines are followed by employees; This way, the company could keep the assets and documents safe and free from fraud. According to Whittington and Pany (2014), authorization of any transaction can be achieved by assigning authorized terminal users an identifying name which must be used before the system accepts data and maintains a log of activities to prove unauthorized use. Not just using separation of duties and authorization of