IT general controls (ITGC), the essential controls for ensuring the integrity of your IT systems, are vital to the success of your business.
These controls can help you achieve both financial and operational objectives around accuracy, authorization, efficiency, and confidentiality. They can also mitigate risks concerning compliance with laws and regulations, the accountability of financial reports, and the effectiveness of operations.
Given all of this, the question isn’t whether to implement IT general controls, but how you can do so.
Ronald Lee, Director of Security, Compliance, and Risk at SEVENROOMS, asserts that “people, process and technology are the three fundamentals of ITGC implementation.”
What exactly does each of these pillars mean? Read on to find out!
Lee hosted a virtual discussion on implementing ITGC. You can watch it by joining Systematic, the largest community for Business Systems Professionals.
One of the biggest pillars of any ITGC project is the people.
Because ITGCs are complex, you’ll need to establish a strong level of understanding with all the colleagues who are involved. This involves educating the end users on the fundamentals and the objectives for your organization’s ITGCs.
In addition, you’ll need to determine the roles and responsibilities for all the people involved in the project itself. Authorization is a huge part of ITGCs, so make sure that you establish access controls and change management in order to prevent inappropriate access rights and unauthorized changes.
Before you can start implementing your ITGCs, you’ll need to identify the policies and procedures for your controls. You can involve your IT admins and your BT team to get first-hand feedback.
Eventually, as IT and business systems become more integrated, you will want to make sure that your ITGC process encompasses the needs of your whole organization, not just your IT department. This should help you design a process that fits into the pre-existing model of your organization and also achieves your operational objectives.
In addition, because you’ll be dealing with policies, procedures, and a number of departments, you’ll need to document aggressively. Deloitte advises companies to maintain explicit documentation in order to map out the key processes. Documentation is also important for setting a cadence for your processes, ensuring that new admins will be able to follow the process, and speeding up auditing and financial reporting.
Automation can greatly improve your ITGC processes and reduce manual errors. You can use workflows to automate your existing controls, including:
- Provisioning accounts
- Authorizing approvals
- Reviewing activity logs
- Performing calculations
You can also automate your monitoring controls. Instead of checking the controls manually, you can implement an automated monitoring solution that monitors them continuously, making data analysis and reporting more efficient.
Creating a strong foundation for your ITGCs will help you reach both your IT and operational objectives. And when it comes time to scale your ITGCs, it’ll be easy as you’ll have already established the groundwork for success.