Managing Information Assets: An Introduction of Operational Controls
By Ifang Tsaur, CPA
Establishing proper internal controls is very important to run business effectively. Today, as information assets become more and more complex, do you know if your organizational information is at risk?
So, maybe you are thinking about setting up some control activities to manage the risk. But what are controls and why do I need them?
Controls are interlocking sets of activities that are layered onto normal operating processes, with the intent of safeguarding assets, minimizing errors, and ensuring that operations are conducted in a proper manner. Placing controls at the right place (where) in the right time (when) maximizes operational efficiency, ensure reliable financial reporting, and at the same time in compliance with policies, laws, and regulations.
Controls are commonly classified into the following three types to:
• prevent fraud, thefts, and misstatements--- preventive control
• detect and find errors or irregularities --- detective control
• correct and mitigate damages --- corrective control
Below is an example of each type of control you may consider in managing your information assets:
• Preventive Control: Have an information governance policies and procedures with a clear definition and governing framework
• Detective Control: monitor an access log to detect and notify management of attempts by employees or outsiders to access unauthorized information
• Corrective Control: perform data validity tests that require users to confirm data inputs when amounts are outside a reasonable range
Thank you for reading our informational newsletter sponsored by ALT + FØ, an independent information governance provider firm. Our goal is to help organizations assess their information governance needs and take the right steps for building a defensible and practical information management program. ALT + FØ is committed to helping customers reduce their information management pain points and increasing the value of information assets.
Contact us (415) 465-2027 or email@example.com for an “information governance health check” evaluation!