Man in suit pointing to an unlocked lock. The rest in the row of locks are locked up in graphic.
Blog

Nonprofit Internal Control Quick Tip – IT Access

CPAs & Advisors

Michael Evrard
Michael Evrard CPA Principal CPAs & Advisors

Ideally, your organization should have standard procedures to remove employee access to the organization’s virtual environment upon termination, including banking, remote access to software and files, debit or credit card information, and various websites. However, there may be other changes at the organization that would necessitate removing or reducing access, such as demotions, transfers to different offices or departments, changes in how information is stored, etc.

A good control to help manage IT access – secondary to the standard procedures – would be to periodically view the access rights for this information and make any changes as necessary. This could be accomplished with a recurring calendar reminder and documented with a simple memo.

Want To Learn More?

Connect with one of our professionals today.