Going beyond the obvious: what every finance officer should know about IT controls.

• Author: Genito, Michael A.
• Position: IT Compliance and Controls: Best Practices for Implementation - Information technology - Book review

IT Compliance and Controls: Best Practices for Implementation

By James J. DeLuccia IV

John Wiley & Sons, Inc.

2008, 274 pages, $50.00

[ILLUSTRATION OMITTED]

Government finance officers know the value of maintaining strong internal controls over the financial operations of their organizations. They also know the value that information technology (IT) has brought to the finance office in terms of speed, efficiency, accuracy, and dependability. IT Compliance and Controls: Best Practices for Implementation is an excellent guidebook and resource for managers in designing and implementing sound IT internal controls.

The book is rich in referenced endnotes and resources, allowing readers to expand their knowledge of the subject matter. The "In Practice" highlight boxes provide bulleted summaries of topics discussed in the chapters, providing focus for the reader, and the business cases presented throughout the book bring the content to life, providing a bridge from theory to application. The book is logically presented in four parts: "Coming of Age," "Influence and Effects," "Implementations," and "Looking Forwards."

Part one, "Coming of Age," presents a background of how technology has risen to provide an "interconnected universe" that allows for market transactions across the globe in real time. However, the integration and globalization of commerce, combined with the rapidly emerging markets of countries such as China and India, have changed the rules of what was once a relatively secure IT environment. Poor IT controls can destroy companies and wreak havoc on national economies. Governments do provide some regulations and associated fines and penalties for failure to observe them, but like financial internal controls, "best practice" companies develop and maintain strong IT controls to protect the interests of their organizations.

Part two, "Influence and Effects," starts off with an explanation of why "silo" IT strategies are dead. A silo strategy is one that is developed for only a particular department or division of an organization, as opposed to an enterprise view that would evaluate the impact on and applicability to all departments and divisions. This concept ties into the more recent integrated framework of internal controls for financial operations encouraged by the Committee on Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector organization dedicated to improving the quality of financial reporting...