Information technology (IT) controls are the business application and oversight portion of a company’s information storage and retrieval department. There are generally two types of IT controls. General controls are the main control type and cover everything from the personnel and corporate standpoint, while application controls are the inner management of computer and software systems. A company typically has a chief information officer (CIO) that oversees the its IT controls and works with the IT department to assure that standards are being met.
General IT controls are the most broad, as they deal with everything outside of the actual computer system. These controls break down into three main control groups: resource, usability and technical. Resource controls are concerned with the physical machinery as expensive objects rather than specific systems. These controls make sure that the power system is adequate for the servers, the computers are protected from floods and that no one can steal the computers.
Usability IT controls work with the people that actually use the computers. These controls focus on updating programs, ensuring proper use of computer resources and administering technical support. These controls ensure that human-machine interaction progresses smoothly. Using these controls, the IT system is evaluated based on the people using the machines rather than the actual function of the machines.
The last general IT controls group is technical. This is the control group that deals directly with the usage and maintenance of the company’s computer system. This group covers the installation or updating of programs, replacement of hardware systems and the processing of errors. This is the only form of IT control that deals directly with the computer system as a whole instead of interacting outside with it.
Application controls are the inner controls placed on an IT system to monitor the operations of the hardware, software and user interactions. These controls are almost entirely automatic once started. If one of these controls encounters a problem, it will generate a report and send it to the appropriate location. Any action from that report will fall into one of the general IT control categories.
The main difference between IT controls and standard IT policies is the business focus. In a typical IT department, the goal is on the system itself rather than the usability or business applications of the system. IT controls have the focus outside the system. The CIO may have been part of the IT department, but it is more likely that he is a business or marketing specialist with training in IT matters.