IT Controls: How safe is your organization?

10/20/2017

We live in an age of technology, where new enhancements are created every day to make the business world more effective and efficient. With increased reliance on technology, many organizations depend heavily on their IT department to keep their systems running smoothly and to implement controls that keep them safe. Because IT is highly specialized, many organizations do not know whether the controls in place can actually protect them against a cyber attack, fraud, or identity theft. Will your IT controls protect your organization, or leave you exposed to theft or loss?

In the business world today, we have seen a decline in reliance on manual applications and an increase in reliance on technology. With higher reliance on technology, there is a higher risk that individuals will misuse the organization’s systems, exposing it to theft, error, and illegal exploits of confidential information. Utilizing technology is imperative, so how can your organization be progressive and technologically advanced while mitigating these risks? The answer is IT controls.

IT controls are essential in protecting assets, sensitive information, and financial data. They play a significant role in the areas of accounting and financial reporting as they have a direct impact on the overall reliability of the financial statements. The lack of IT controls may expose your organization to significant risk of financial loss.

To ensure the proper IT controls are implemented at your organization, you should first obtain a general understanding of your organization’s IT system. What type of computing environment does your organization use (LAN, web- or cloud-based system, etc.)? Also, understand which of these systems impact financial reporting and the safeguarding of assets.

Consider how your organization’s general IT controls achieve the following objectives:

  • The organization maintains reliable systems that include appropriate data backup and recovery processes.
  • Physical security and access to programs and data are appropriately controlled to prevent unauthorized use, disclosure, modification, damage, or loss of data.
  • Program changes (including report development) and systems acquisition and development are appropriately managed to ensure that the application software and reports adequately support internal controls and financial reporting.

After the proper controls are in place, your organization should define the objectives of its control structure through policy statements. This creates an organized direction for all employees and eliminates confusion and inefficiencies. Your organization should also monitor IT controls to ensure the controls are operating efficiently. Regular tracking of the organization’s systems and network resources allows the organization to inspect and correct any irregularities that may occur. This can be done by keeping a system log that records the monitoring performed by the respective employees.

Lastly, it is important that your organization consider the need for an IT specialist. An IT specialist can help ensure the proper preventative maintenance is implemented (e.g., server backups, updating of antivirus software, examining firewall log files, installing Microsoft security updates).

If the proper IT controls are not in place, your organization will be subject to significant IT risks, including phishing, malware, and computer viruses.

For more information on implementing and monitoring IT controls, please feel free to contact Kristi Yanover at 858-558-9200.