Establish an Effective System of Internal IT Controls to Mitigate Risks
The only thing worse than a lack of control is the illusion of control.
A non-existent or ineffective system of controls could lead to:
- Internal & external security breaches
- Internal fraud
- Compliance-related liabilities
- Failed audits
- Negative business exposure
- Poor confidentiality and integrity of data
- Loss, theft, and misappropriation of assets
- Loss of your job
An effective system of controls will likely lead to:
- Improved overall IT risk management and mitigation
- Decreased compliance-related penalties
- Decreased privacy and confidentiality breaches
- Protection from malicious internal security breaches
- Decreased loss, theft, abuse, and mismanagement of assets as well as unauthorized access to data
- Improved integrity of data
Module 1: Assess Control Coverage
- Recognition of the benefits and importance of internal controls.
- Identification of the risks of an ineffective system of internal controls.
- Assessment of the adequacy of current controls and their coverage of risks.
Key Benefits Achieved
- Selected metrics to measure your system of internal controls.
- Risks prioritized relative to their current control coverage.
| 1.2 | Identify and assess IT’s greatest risks. |
| 1.3 | Map controls to risks. |
| 1.4 | Assess the adequacy of control coverage for each risk. |
Module 2: Establish, Monitor, and Evaluate Controls
- Identification of specific controls to implement.
- Identification of best practices for control development and monitoring.
- Communication of controls.
- Assignment of roles and responsibilities for the governance of internal controls.
Key Benefits Achieved
- Identified specific controls to mitigate risks and assigned implementation owner.
- Discussed best practices for developing and monitoring controls.
- Communicated controls effectively to end users.
- Roles and responsibilities assigned for governance of internal controls.
| 2.1 | Identify the processes affected by each risk. |
| 2.2 | Determine the specific controls to implement for each control coverage gap. |
| 2.3 | Create an inventory of control establishment activities. |
| 2.4 | Discuss best practices for designing controls. |
| 2.5 | Assign metrics to measure individual control effectiveness. |
| 2.6 | Develop an internal control communication plan. |
| 2.7 | Create a RACI chart for governance of internal controls. |
| 2.8 | Discuss best practices for monitoring and evaluating controls. |