In the modern era, the role of IT and automation in almost every walk of life has become indisputably massive. The commercially oriented enterprises are always at the forefront of adopting new and sophisticated technologies to introduce just that innovation and cutting edge which will power it ahead of its competitors. It is pervasive, a necessity and we can find its presence in every functioning department of an organization. As is the case with everything under the sun, the herald of new systems also brings with it the new set of challenges which in turn require new and updated counters and since the technology is continuously evolving and improving, the controls that are put in place by an organization to thwart the potential threats also need to keep up with the developments. The first and foremost challenge is to ensure that the data is protected from unwarranted access and that the boundary controls are properly put up and working effectively. Any unauthorized access puts the confidential data at risk of being compromised, leaves the entity exposed to data leakage and since nowadays every crucial information is stored somewhere in a server or a system, it would not be a stretch to consider the particular set of controls outlined above as the absolute requirement for any entity. System Controls do not merely end at thwarting the attempts of unwarranted outside access, the access that has been provided to the entity’s personnel must be properly documented and it should be made sure that the access to an employee should be limited to the responsibilities that he or she has been assigned. Now that requirement of boundary controls is covered, we will discuss how a lack of input controls could spell chaos for an entity. Inputting data into the systems is what forms the crux of activity that is performed at any entity so it should be a given that the authenticity and accuracy of the information that is being fed into the system are of utmost importance as improper input would lead to inaccurate output which in turn would lead to drawing wrong conclusions and ultimately a colossal waste of time. In a similar vein, lack of communication controls which would include but is not limited to, ensuring that the data is shared within or outside the entity through a secured channel, inculcating into the employees, and implementing measures to ensure that the unwanted data sharing becomes a big no-no. A private leased communication line grants much more security against data leakage/loss and locking the system ports so that no external drives get connected to any system that takes care of unwanted data sharing. Output controls are those controls that would enable an entity to keep the reports/deliverables/processed result of input data within the entity and out-of-bounds to anyone who is not supposed to have access to it. Lack of proper output controls could manifest in like mentioned before, reports getting distributed to the ones they should not be getting distributed to or sensitive/critical forms/documents getting accessed by the unauthorized persons or reports getting printed on the printer which is not secure and prone to unfiltered access. In this write-up, we have barely touched upon the importance of system controls which should give a proper indication of the vitality of these for any organization.
This content is meant for information only and should not be considered as an advice or legal opinion, or otherwise. AKGVG & Associates does not intend to advertise its services through this.
Posted by: CA Aman Aggarwal
AKGVG & Associates