Government GPS

The Latest Rules and Regulations That Impact Your Government Entity

What can finance learn from the control-heavy environment of IT?

IT in control-heavy environmentIT is built around control. Control of all digital applications and information. IT picks apart sensitive information and reviews it frequently to ensure criminals are unable to gain access to our systems. Is there anything finance can take away from this control-heavy environment?

Don’t miss: City of Atlanta ransomware 

One item worth considering is called a Penetration Test or “pen test”. A pen test is a heavily monitored fake attack on security measures in a network to see how the attack is detected, reported and responded to. Even the amount of time it takes to do each. This allows the examiners to analyze where weaknesses lie in the system and provide cost appropriate responses to the risk.

This type of test could also be applied to internal controls over financial processes. Consider researching common frauds for your organization. Work with a control department or third-party control consultant to attempt a heavily monitored “fake fraud.” Understanding how your organization reacts to the attempted fraud will help identify areas of weakness. Internal or external consultants can provide options to appropriately address the risk.

For more on protecting your control-heavy IT environment, check out this article on physical safeguards that can help.

If you have questions over the effectiveness of your financial internal controls, or you would like assistance in developing new or updating old financial controls, contact your Henry+Horne professional advisor.


Corey McFarland