Internal Controls and Risks in IT Systems

IT systems are so critical that organizations would hardly be able to operate if their IT systems were suddenly to fail. Unchecked threats and risks can lead to events that interrupt or stop computer operations, which can be severely damaging to the organization. It is important to consider possible threats to the IT system and to know how to implement controls to try to prevent those threats from becoming reality.

This chapter provides an overview of controls in IT systems, the risks that these controls are intended to reduce, and important hardware and software components of IT systems to which controls should be applied. Knowledge about IT systems and the related risks and controls are important factors in gaining an understanding of business processes. Later chapters will describe the usual  business processes such as those involving revenues, expenditures, conversion, and administrative processes. The data resulting from these processes is usually recorded, monitored, and stored in IT systems.

Internal controls for IT-based systems have been described as being of two types: general controls and application controls. General controls apply overall to the IT accounting system; they are not restricted to any particular accounting application. Application controls are intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed. Within a specific accounting application, such as payroll, the system can use programmed input controls to reduce input errors.

Auto293

Information Systems Control Techniques

Textbooks

Accounting Information Systems, Third Edition, Leslie Turner, Andrea Weickgenannt & Mary Kay Copeland