Establish an Effective System of Internal IT Controls to Mitigate Risks

The only thing worse than a lack of control is the illusion of control.

RETIRED CONTENT

Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

A non-existent or ineffective system of controls could lead to:

  • Internal & external security breaches
  • Internal fraud
  • Compliance-related liabilities
  • Failed audits
  • Negative business exposure
  • Poor confidentiality and integrity of data
  • Loss, theft, and misappropriation of assets
  • Loss of your job

An effective system of controls will likely lead to:

  • Improved overall IT risk management and mitigation
  • Decreased compliance-related penalties
  • Decreased privacy and confidentiality breaches
  • Protection from malicious internal security breaches
  • Decreased loss, theft, abuse, and mismanagement of assets as well as unauthorized access to data
  • Improved integrity of data

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Assess Control Coverage

The Purpose

  • Recognition of the benefits and importance of internal controls.
  • Identification of the risks of an ineffective system of internal controls.
  • Assessment of the adequacy of current controls and their coverage of risks.

Key Benefits Achieved

  • Selected metrics to measure your system of internal controls.
  • Risks prioritized relative to their current control coverage.

Activities, with outputs listed beneath:
1.1 Select metrics.
  • Selected metrics and baseline measurements of internal control capability.
1.2 Identify and assess IT’s greatest risks.
  • List of IT’s greatest risks ranked by severity of risk.
1.3 Map controls to risks.
1.4 Assess the adequacy of control coverage for each risk.
  • IT risks prioritized relative to their current control coverage.

Module 2: Establish, Monitor, and Evaluate Controls

The Purpose

  • Identification of specific controls to implement.
  • Identification of best practices for control development and monitoring.
  • Communication of controls.
  • Assignment of roles and responsibilities for the governance of internal controls.

Key Benefits Achieved

  • Identified specific controls to mitigate risks and assigned an implementation owner.
  • Discussed best practices for developing and monitoring controls.
  • Communicated controls effectively to end users.
  • Roles and responsibilities assigned for governance of internal controls.

Activities, with outputs listed beneath:
2.1 Identify the processes affected by each risk.
2.2 Determine the specific controls to implement for each control coverage gap.
  • Recommended action plan for each risk to achieve adequate control coverage.
2.3 Create an inventory of control establishment activities.
  • Inventory of internal control establishment initiatives.
2.4 Discuss best practices for designing controls.
  • Sample control documents.
2.5 Assign metrics to measure individual control effectiveness.
  • Selected metrics and baseline measurements of effectiveness of individual controls.
2.6 Develop an internal control communication plan.
  • Internal control communication plan.
2.7 Create a RACI chart for governance of internal controls.
  • Completed RACI chart for internal control monitoring.
2.8 Discuss best practices for monitoring and evaluating controls.
  • Internal control self-assessment checklist.