Final answer:
Internal controls are designed to prevent and detect misstatements in financial information, making 'Internal controls' the correct answer to the student's question. Entity-level and transaction-level controls are subsets of internal controls.
Step-by-step explanation:
The controls that are designed to prevent misstatements from happening and / or detect and correct misstatements on a timely basis are known as internal controls. Internal controls are systems set up by a company to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud. Option C, Entity-level controls, might include internal controls that affect the entire organization, such as the company's control environment and governance policies. However, they specifically refer to the controls at the upper level of an organization. Option D, Transaction-level controls, refer to specific controls applied to individual transactions to prevent or detect errors and frauds. Neither external controls (B) nor entity-level or transaction-level controls alone are specifically meant to cover both prevention and detection of misstatements.