Managing IT risks within organizations requires a strong understanding of the internal controls and related frameworks necessary to mitigate risk. At Ad Information Technology, LLC (AdIT), our team has over 25 years of experience in IT operations and controls that allows us to provide organizations with the knowledge necessary to assist in the assessment of the design and operating effectiveness of IT general and application controls. IT controls within all organizations that management needs to be aware of are as follows:
IT General Controls – are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. These controls apply to mainframe, server, and end-user environments. General IT controls commonly include:
- Controls over data center and network operations
- System software acquisition, change and maintenance
- Access security
- Application system acquisition, development, and maintenance
- Physical security of assets, including adequate safeguards such as secured facilities over access to assets and records
- Authorization for access to computer programs and data files
IT Application Controls – these are controls that relate to specific computer software applications and the individual transactions. For example, a company would usually place restrictions on which personnel have authorization to access its general ledger so as to revise its chart of accounts, posting / approving journal entries etc. In order to enact this policy and restrict access, the general ledger software package would require the necessary functionality. Furthermore, assuming the functionality exists, does the company have a policy in place, and is there evidence that the general ledger authorizations align with the policy? Controls around application access are obviously very important and need to be reviewed closely..
AdIT’s thought leadership, extensive knowledge of the COBIT framework, methodologies and suite of technology solutions, combined with our competencies in processes, risks and controls will help you successfully design and test your organizations IT general and application controls.