Information technology controls (or IT controls) are specific activities performed by persons or systems designed to ensure that operational objectives are met. Many articles are written today about external information security threats (e.g. data breaches, viruses) but nonprofits must also be wary of internal threats resulting from failure in the design or implementation of IT systems. Protection against internal threats is critical and can be accomplished by designing and implementing a strong control system. Controls that are typically considered include the following:
- Access and security controls
- Network security controls
- Backup and recovery controls
- Entity-level controls
- Change management controls
Fraud is on the rise and nonprofits can limit their exposure to fraud by eliminating as many of the existing opportunities as possible. The risk of financial and data loss, interruptions to productivity and potential legal liability require sound internal controls for your information systems.
Eide Bailly’s certified, dedicated Risk Advisory Services specialists have expertise related to specific applications, technical controls, complex systems, information security, fraud and computer forensics and specific software packages. Please click here for more information on these services.