It is more important than ever to have a good IT governance structure in place and under control, as we are more exposed today, in a much more complex IT environment, than in the past. The risk map needs to be redrawn continually and in different dimensions. Risk areas that have emerged include the compliance agenda under the General Data Protection Legislation and the increased velocity of cloud services, with their inherent risks of cyber-attacks and hacking. The inevitable digitalisation brings opportunities as well as business risks. All these risks, alone and in combination, are issues that must be on the board of directors’ agenda: compliance, internal control, IT infrastructure and business risk linked to IT.
To bust a myth: there are no fully automated controls! History shows that there is always a human hand behind all checks and balances, direct or indirect. For example, fraudsters love to bypass the control environment, and inappropriate segregation of duties is one of the components that lay a foundation for increased risks of internal violations or mistakes. Today's complex IT systems are often integrated with business partners at different levels of IT maturity, such as within B2B, the supply chain and activities outsourced to service providers, and these need to be incorporated into the IT governance structure and brought under control. It is actually named internal control, not internal faith!
Contribution by Copenhagen Compliance Associate Henrik Frössling, based on an extensive assignment on internal controls at The Volvo Group.