Establish an Effective System of Internal IT Controls to Mitigate Risks

The only thing worse than a lack of control is the illusion of control.

Onsite Workshop

A non-existent or ineffective system of controls could lead to:

  • Internal & external security breaches
  • Internal fraud
  • Compliance related liabilities
  • Failed audits
  • Negative business exposure
  • Poor confidentiality and integrity of data
  • Loss, theft, and misappropriation of assets
  • Loss of your job

An effective system of controls will likely lead to:

  • Improved overall IT risk management and mitigation
  • Decreased compliance-related penalties
  • Decreased privacy and confidentiality breaches
  • Protection from malicious internal security breaches
  • Decreased loss, theft, abuse, and mismanagement of assets as well as unauthorized access to data
  • Improved integrity of data

Module 1: Assess Control Coverage

The Purpose

  • Recognition of the benefits and importance of internal controls.
  • Identification of the risks of an ineffective system of internal controls.
  • Assessment of the adequacy of current controls and their coverage of risks.

Key Benefits Achieved

  • Selected metrics to measure your system of internal controls.
  • Risks prioritized relative to their current control coverage.

Activities: Outputs:
1.1 Select metrics.
  • Selected metrics and baseline measurements of internal control capability.
1.2 Identify and assess IT’s greatest risks.
  • List of IT’s greatest risks ranked by severity of risk.
1.3 Map controls to risks.
1.4 Assess the adequacy of control coverage for each risk.
  • IT risks prioritized relative to their current control coverage.

Module 2: Establish, Monitor, and Evaluate Controls

The Purpose

  • Identification of specific controls to implement.
  • Identification of best practices for control development and monitoring.
  • Communication of controls.
  • Assign roles and responsibilities for the governance of internal controls.

Key Benefits Achieved

  • Identified specific controls to mitigate risks and assigned implementation owner.
  • Discussed best practices for developing and monitoring controls.
  • Communicated controls effectively to end users.
  • Roles and responsibilities assigned for governance of internal controls.

Activities: Outputs:
2.1 Identify the processes affected by each risk.
2.2 Determine the specific controls to implement for each control coverage gap.
  • Recommended action plan for each risk to achieve adequate control coverage.
2.3 Create an inventory of control establishment activities.
  • Inventory of internal control establishment initiatives.
2.4 Discuss best practices for designing controls.
  • Sample control documents.
2.5 Assign metrics to measure individual control effectiveness.
  • Selected metrics and baseline measurements of effectiveness of individual controls.
2.6 Develop an internal control communication plan.
  • Internal control communication plan.
2.7 Create a RACI chart for governance of internal controls.
  • Completed RACI chart for internal control monitoring.
2.8 Discuss control monitoring and evaluating best practices.
  • Internal control self-assessment checklist.

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
GET HELP Contact Us
VL Methodology