Obviously, the welfare of your company depends on having an up-to-date information technology (IT) system. IT now impacts every facet of your business.
So it follows that you should invest in IT controls to protect and enhance your financial system.
But each company is different. So it behooves you to customize your IT operations for your specific situation. Controls are vital.
Traditionally, internal control systems have been appraised by separate information systems (IS) and employees in finance.
That meant costly overhead for separate audits – one budget for finance and another for IS – for example, audit reports with separate audit programs and audit management teams for testing and time schedules.
Instead of manual controls, enhancements in technology have brought change.
Integrated audit technique
The trend in auditing for performance and assessing productivity is for integration of IS and financial systems.
In other words, that’s one auditor who is trained in both financial and IS audits.
Hence, the buzz phrase: Integrated audit technique.
No matter how small or large your company is, it’s important to note technology affects the reliability of your financials.
Financial auditors need to understand IT application and general controls. This enables them to spot whether the controls avert or discover financial misstatements.
General controls are for IT management, disaster recovery plans, employee access, network configuration as well as logical and physical controls and policies.
Application controls, simply put, involve reviews of the automated controls in the applications.
Here are a few examples: The financial auditor is on the lookout for problems such as duplicate postings, erroneous calculations, and unauthorized access.
These can be found in accounts payable and receivable, inventory, general ledger, payroll and reporting.
“The fastest way to success is stewardship.”
Of course, public companies in regulated sectors must have outside participants assess their IT controls along with their internal auditors.
In small to medium-size enterprises, it’s customary for one person, who has a myriad of responsibilities, manage internal controls.
To complicate matters, technology is constantly changing. As a result, IT controls must be assessed and updated often.
Here are 10 control strategies:
- Make certain that access by employees is within the parameters of their job descriptions.
- Develop disaster recovery plans for all your requisite tasks.
- Verify there is a satisfactory program to gauge controls of vendors providing outsourced applications.
- If you have internal applications, make certain you have a dependable change-management policy that will prevent any potential unauthorized changes.
- Develop written policies for each of your IT functions.
- Train your employees in social engineering techniques to prevent security issues.
- Make certain your credit-card transactions are payment card industry (PCI) compliant.
- Maintain records and track all employee activity.
- Install the tightest-security possible for your company data.
- Develop a stellar company business continuity plan. Revisit it periodically.
From the Coach’s Corner, here are editor’s picks for relevant information:
Issues to Consider Before You Buy Business Analytics — If you’re the company’s chief information officer screening the sales pitches for business analytics, take a long look and ask the right questions for your company’s welfare. You have to collaborate and make the chief financial officer happy.
Key Measures to Prevent, Recover from Ransomware — Published reports indicate ransomware cost businesses $350 million in 2015. The FBI considers ransomware attacks one of the three worst cyber threats.
For Profits, CIOs Must Agree with CEOs on 5 Issues — Despite the increasing importance of information technology, many companies are losing profit potential from a lack of productive discussions about achieving strategic goals using technology initiatives.
Strategy: How You Can Capitalize on Predictive Analysis — The promise of predictive analysis: Obtain forward-looking insights to innovate and quickly recognize opportunities for growth.
Strategies to Measure, Boost Your Business Performance — If healthy revenue and profit margins are your goal, you must determine the critical factors that lead to success. In essence, business is war in commerce. In order to win, you must know how, why and when to attack.
Risk Management – Picking the Best Cloud Storage Provider — Choosing the right cloud storage provider is a must for risk management. You have a vast array of options. Cost is important, of course, but so are your company’s risk-management needs – just like the federal government.
“The fastest way to success is stewardship.”