IT controls are the business application and supervisory portion of a company’s information storage and retrieval department. There are two types: general controls and application controls. General controls fall into three main control groups: resource, usability, and technical. Application controls monitor the operations of hardware, software, and user interactions. The focus of IT controls is on the business applications of the system, overseen by a CIO with an IT background.
Information technology (IT) controls are the business application and supervisory portion of a company’s information storage and retrieval department. There are generally two types of IT controls. General controls are the primary type of control and cover everything from a personal and business perspective, while application controls are the internal management of computer systems and software. A company typically has a chief information officer (CIO) who oversees its IT controls and works with the IT department to ensure standards are met.
General IT controls are the broadest, dealing with everything outside of the actual computer system. These controls fall into three main control groups: resource, usability, and technical. Resource controls treat physical machinery as expensive items rather than specific systems. These checks ensure that the power system is adequate for the servers, that the computers are protected from flooding, and that no one can steal the computers.
IT usability controls work with people who actually use computers. These controls focus on updating programs, proper use of computer resources, and technical support administration. These controls ensure that human-machine interaction runs smoothly. Using these controls, the IT system is evaluated based on the people using the machines rather than the actual function of the machines.
The last group of general IT controls are technical. It is the control group that directly deals with the use and maintenance of the corporate information system. This group covers installing or updating programs, replacing hardware systems, and error processing. This is the only form of computer control that deals directly with the computer system as a whole instead of interacting with it externally.
Application controls are the internal controls placed on an IT system to monitor the operations of hardware, software and user interactions. These checks are almost fully automatic once started. If any of these controls encounter a problem, it will generate a report and send it to the appropriate location. Any action from that report will fall into one of the general IT auditing categories.
The main difference between IT controls and standard IT policies is the focus on the business. In a typical IT department, the focus is on the system itself rather than the usability or business applications of the system. IT controls have the focus outside the system. The CIO may have been part of the IT department, but is more likely to be a business or marketing specialist with an IT background.
Protect your devices with Threat Protection by NordVPN
