Today’s Keys What are IT Controls Basic IT Controls Where to Find Resources
What are IT Controls
Objectives of IT Controls are Interrelated Prevent & Detect Fraud Automate Ensure controls Prevent integrity & accidental reliability of loss data
Control Environment ● Overall awareness & importance ● Management & Board set tone ● Disciplined structure = consistency ● Maintains ethical commitment
Basic IT Controls
Change Management ● Changes are authorized & meet business requirements ● Provide training ● Have a backup plan for glitches
Change Management ● Home Grown Systems - document modifications ● Off the shelf applications - software licensing documented - upgrades documented - ensure patches up-to-date ● Outsourced “Cloud” Software - Security: SSAE 16 Report - Hosting: Redundant data centers
Access ● Document business applications ● Limitations based on positions - limit by user - limit per application - limit within applications
Access ● Checklist for new employees - use when terminating ● Unique passwords ● Prohibit sharing user IDs/passwords
Disaster Recovery/Backup ● Measures to prevent a disaster - Email protection - Antivirus Software - Firewall - Surge Protection - Server Elevated - No sprinklers - Backup Tape Rotation
Mission Continuity ● Contacts/call lists ● Critical Processes Assigned ● Building/Facility Information ● Key Technology & Applications ● Vital Documents ● TEST the Plan!
Physical Security ● House server in secured location ● Server secured with password
IT Staff ● In House ● Outside Consultant
Monitoring is KEY set a schedule
Resources ● Today’s Slides ● Community Foundation IT Control Charts ● Community Foundation Disaster Recovery Plan ● Resource Listing The only constant in the IT space is that it changes constantly!
Questions & Answers
Recommend
More recommend
