The IT Law Wiki

Internal control

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

Internal control is

[t]he method of safeguarding business assets, including verifying the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational policies and procedures.[1]

Overview Edit

The five internal controls are:

access controls, which ensure that only authorized individuals can read, alter, or delete data; configuration management controls, which provide assurance that only authorized software programs are implemented; segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; continuity of operations planning, which provides for the prevention of significant disruptions of computer-dependent operations; and an agencywide information security program (security management), which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented.[2]

References Edit

  1. Auditing and Financial Management: Glossary of EDP Terminology, at 9.
  2. Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems, at 9 n.15.

Also on Fandom

Random Wiki