While at CLA Dallas 2011 I was asked if I'd help Azusa Pacific's online course development team by answering a couple of questions in a video interview. Are you kidding me?!! Of course!
The two questions were IT related. Here they are along with a summary of my response:
Q: What types of internal controls should ministries make sure they have in place related to information technology?
- In addition to current firewall and anti-malware solutions, their networks should be configured to lock accounts after a number of unsuccessful login attempts. This helps protect against hackers and bots.
- Contrary to popular belief, requiring that passwords be changed every 60-90 days in ministry settings actually lowers security.
- Passwords should be at least 7 characters long and include at least one of each of the following:
- Lowercase letter
- Uppercase letter
- Common punctuation
- Data should be organized in departmental folders that are only accessible by those with appropriate roles within the organization
Q: When should an organization consider purchasing new accounting and database software?
- Most ministries change their software for the wrong reasons. A couple of the most common wrong reasons are:
- The current software doesn't meet 100% of our needs. The mistake people make is believing there are 100% solutions available. That is a myth; 100% solutions do not exist. If you can find one that meets 80%, that's good!
- Regarding the percent of needs not met: if possible, adapt your business practices to close the gap rather than requiring the software to close the gap. The organization will have a much higher likelihood of being happy with their software.
- The solution is too complex. Investing in training, which is a lot less expensive than changing software, will likely overcome this issue.
- The two most appropriate reasons to change are:
- The company has gone out of business or has been bought by a company that will no longer support the solution.
- The ministry has come to recognize needs their solution cannot-- and will not within a reasonable time-- meet. Before pulling this trigger, however, contact the current provider to see if they already meet the need (and you just don't know it) or if they are planning to within a reasonable timeframe.