When a tornado, flood or other catastrophe strikes, residents seek immediate emergency aid and the rapid resumption of ongoing government services. Emergency management officials must implement plans that meet the most pressing demands, with assistance from environmental protection, fire, health, law enforcement and other public agencies and departments, including those for transportation and schools.

During an emergency situation, generators provide electricity, if necessary, to power IT hardware. Backup files archived by an offsite data storage vendor provide access to critical information if it cannot be retrieved from local servers. IT disaster recovery plans - devised as part of general IT control planning - help public leaders quickly address citizen needs when catastrophes occur.

General IT controls are the foundational controls within an organization that cover computing, communication and security concerns. Perhaps the greatest measure of their effectiveness is that they typically do not call attention to themselves when functioning properly. Controls enable various agencies, departments and other public-sector organizations to concentrate solely on providing necessary services while also promoting confidence and trust among constituents.

 
Benefits of General IT Controls
Effective general IT controls help the public sector operate as efficiently and productively as possible. They automate processes that had been performed manually, accommodating larger workloads without hiring additional personnel. 

General IT controls help maintain the balance between accessibility and security. They control make it possible, for example, to archive meeting minutes and other documents online for 24/7 public review. Such controls also keep Social Security numbers, college transcripts, health-care treatment records and other personal information safe from unauthorized use.

Public-sector entities face considerable fiduciary responsibilities and greater media scrutiny than their private-sector counterparts. The damage that follows disclosure of a costly and poorly planned IT system migration or a potential incident of embezzlement is severe and difficult to overcome. General IT controls uphold fiduciary standards by deterring ill-advised or illegal activities. Preventive measures provide the greatest protection against reputational risks.

In all that they do, general IT controls enable public-sector leaders to serve their constituents more effectively and continually enhance trust among all stakeholders.

 
Elements of IT Controls
IT infrastructure provides the foundation for the applications and automated processes used by various public-sector functions. That infrastructure is composed of three layers: databases and the database management system, the operating system and the network. The applications reside atop the databases and database management system, with the operating system and the network layers serving as the base of that infrastructure.

General IT controls support that infrastructure. System controls, for example, support application controls used for protective services or regulatory oversight processes. Controls for the database management system and crucial databases ensure the integrity of data exported to applications for generating property tax assessments, motor vehicle registration renewal notices and water utility bills.

General IT controls also provide critical deterrents against improper activities. Gaining unauthorized entry into the IT system or a particular application is a common first step for individuals intent on committing fraud or identity theft. Network access controls, change management policies and other general IT controls offer continual defense against these problems.

 
Determining Scope
Public entities vary in the specific technologies they deploy and the resources they can commit to general IT controls. Applying effective oversight, however, is more dependent on identifying and addressing specific concerns than on funding or staffing levels. Mapping the processes involved in various functions illustrates areas of dependence on the IT infrastructure and specific need for general IT controls.

The COBIT (Control Objectives for Information and related Technology) and ITIL (Information Technology Infrastructure Library) frameworks provide CIOs the direction they need for devising effective general IT controls. Both are open, customizable frameworks that enable technology departments to