
IT Controls Implementation

Updated on May 12, 2018
hootingowl

Currently pursuing a professional course in Assurance. I have practical knowledge and experience in audit, systems control and accounting.

Different Levels Of Management or Control

IT controls, or information system controls, are implemented in a structured manner in an organization. Almost all mid-sized and large business enterprises typically have 3 levels of management. Information systems are designed and implemented to cater to the needs specific to each level. The different levels, from the bottom up, are:

  1. Operational level aka lower level management
  2. Tactical level aka mid level management
  3. Strategic level aka top management

Information controls must be implemented at each of these levels across the whole organization. This means that if a business has 2 units in different states or cities, IT controls must be implemented at both units and not just at a select few.

IT Control Layers and Implementation

Operational Layer

  • User accounts and access rights:

    This is nothing but assigning a user account to an employee. Just like logging into an email account with a username and password, access to IT information in an enterprise is regulated by access rights controls. Every employee who has access to IT resources at the operational layer must be issued a user account and access rights. At the operational level are employees who are involved with accounts posting, data entry, low-level administration, and other basic work. Data is fed into the IT systems of the company at this level. The roles and responsibilities of each such employee must be clearly defined, and a unique user ID with access rights must be granted. Temporary users, or those who only require occasional access to the company's IT systems, may be issued a one-time or guest user ID. This ensures that every time they need access, approval is required from the appropriate authority, and thus their entry is logged for reference. The IT system must also be able to identify and display the unique user ID and name of the employee, or of any other person to whom access is granted, whenever they enter, modify, alter or access any IT information in the company.
  • Password Controls:

    Most of us know this point as well. Do you guys remember when you first opened your Google or Pinterest account? If so, when you were creating a password, there would have been a prompt specifying the requirements for an ideal password. Passwords are vital to ensure access restriction and control. The enterprise must have clear rules regarding minimum password requirements. Even though the user to whom access is granted is free to choose the password, the password itself may be subject to a few basic requirements, like having at least one capital letter, a minimum length, and the inclusion of special characters (!, @, #, $, %, &, etc.) or numbers. This results in strong passwords and safeguards the IT systems and information from being compromised.
  • Compartmentalization:

    Segregation of duties is a very important control. It helps prevent a single employee from having complete control of or access to any resource. So if you were running a store, you would ensure that the person handling the payments is not the same person making the accounting entries. This is essentially to prevent fraud. Suppose the cashier is also given the job of bookkeeping. If that person is unscrupulous, he may misappropriate cash and also purposefully omit the sale from the sales figures, so the proprietor would be completely unaware that a sale took place. Therefore, it is essential to compartmentalize duties so that a transaction requires approval from multiple employees before it is concluded.
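The operational-layer controls above can be checked against the system's own activity log. The following is an added example, not part of the original article: it reviews a constructed log for a user who performed both conflicting duties on one transaction, a payment that was never recorded, and guest access without approval. The field names, step names and user IDs are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample audit log (not real data); field and step names are assumptions.
AUDIT_LOG = [
    {"txn": "S-1001", "step": "receive_payment",   "user": "u017", "guest": False, "approved_by": None},
    {"txn": "S-1001", "step": "post_ledger_entry", "user": "u042", "guest": False, "approved_by": None},
    {"txn": "S-1002", "step": "receive_payment",   "user": "u017", "guest": False, "approved_by": None},
    {"txn": "S-1002", "step": "post_ledger_entry", "user": "u017", "guest": False, "approved_by": None},
    {"txn": "S-1003", "step": "receive_payment",   "user": "u017", "guest": False, "approved_by": None},
    {"txn": "S-1004", "step": "receive_payment",   "user": "g003", "guest": True,  "approved_by": None},
    {"txn": "S-1004", "step": "post_ledger_entry", "user": "u042", "guest": False, "approved_by": None},
    {"txn": "S-1005", "step": "receive_payment",   "user": "g004", "guest": True,  "approved_by": "u090"},
    {"txn": "S-1005", "step": "post_ledger_entry", "user": "u042", "guest": False, "approved_by": None},
]

# Duties that must not be carried out by the same person on one transaction:
# the cashier / bookkeeper split from the store example.
CONFLICTING = ("receive_payment", "post_ledger_entry")


def review(log, conflicting=CONFLICTING):
    """Return sorted (txn, finding, user) tuples for control violations in the log."""
    first, second = conflicting
    users = defaultdict(lambda: defaultdict(set))  # txn -> step -> user IDs
    findings = []
    for rec in log:
        users[rec["txn"]][rec["step"]].add(rec["user"])
        # Guest or one-time IDs need approval from an authority on every use.
        if rec["guest"] and not rec["approved_by"]:
            findings.append((rec["txn"], "guest_without_approval", rec["user"]))
    for txn in sorted(users):
        steps = users[txn]
        # Same unique user ID on both sides of the segregated duties.
        for user in sorted(steps[first] & steps[second]):
            findings.append((txn, "same_user_both_duties", user))
        # Cash taken but no accounting entry: the omitted-sale case.
        if steps[first] and not steps[second]:
            findings.append((txn, "payment_not_recorded", ",".join(sorted(steps[first]))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(AUDIT_LOG):
        print(*finding)
```

Each finding depends on every log entry carrying a unique user ID, which is why shared accounts undermine all three checks.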

Tactical Layer

The tactical layer is concerned with the preparation of strategic plans so that an organization can achieve its objectives. It is important for controls to be placed at this level, as the information is highly confidential in nature. Such information in the hands of a competitor would spell doom for the business.

It is important to study the application controls at this stage. Data is processed by applications, and therefore unauthorized access to such application systems must be controlled. Can you imagine what would happen if people came to know about a company's expansion plans or new product launch information? People would take unfair advantage of such information and make unfair gains. The company could lose its market share and would also face lawsuits from different people for disclosure of confidential client information.

So it becomes necessary to ensure the following controls:

  • Risk assessments must be conducted
  • Antivirus software must be kept updated
  • Workshops and events must be organized to educate employees about application security
  • The necessary requirements of the enterprise security policy must be complied with

The Strategic or Top Management

These guys are the big shots. They are responsible for formulating enterprise goals and strategies, and for ensuring their implementation and monitoring. The top management must make sure that the enterprise has a detailed and viable security policy and that it is updated and revised regularly. They must also take steps to communicate the policies to employees and other stakeholders.

Value of Information

The tide of information technology has swept through every sphere of life, and business is no exception. Business decisions that in the previous decade used to take days or even months to evaluate and implement today take place in a jiffy, all thanks to high-speed processing and the abundant availability and accessibility of information. All sorts of information have some value or the other. Public information probably has the least value since it is readily available, but business information has very high value.

Just imagine a big company like Coca-Cola. The formula of Coke has remained a secret for 126 years. No doubt the information the company holds about the contents of Coke is its single most potent revenue-generating asset. What if, suddenly, somebody in Coca-Cola decided to leak this vital information to a rival? This 126-year-old monopoly drink would suddenly have thousands of generic versions manufactured by others, and its market share would crash. It would be the end of the brand and the company.

IT controls, or information technology controls, are vital for every business organization in order to prevent precisely this sort of loss of business information. The enterprise may be big or small, but business is still run on information. There is a lot of vital information in a business, such as:

  • Technical know-how
  • Designs and blueprints
  • Research Information
  • R&D findings
  • Customer details and preferences
  • Market penetration and marketing techniques
  • Pay packages of employees
  • Future plans and objectives
  • Ongoing talks for business deals
  • Confidential client information

Businesses often take measures to prevent such information from falling into the hands of their competitors or from becoming public. Such embarrassing leaks can be avoided and detected by implementing effective IT controls.

