The internal controls of an AIS are the security measures it contains to protect sensitive data. These can be as simple as passwords or as complex as biometric identification. An AIS must have internal controls to protect against unauthorized computer access and to limit access to authorized users, which includes some users inside the company. It must also prevent unauthorized file access by individuals who are allowed to access only select parts of the system.
An AIS contains confidential information belonging not just to the company but also to its employees and customers. This data may include Social Security numbers, salary information, credit card numbers, and so on. All of the data in an AIS should be encrypted, and access to the system should be logged and surveilled. System activity should be traceable as well.
An AIS also needs internal controls that protect it from computer viruses, hackers and other internal and external threats to network security. It must also be protected from natural disasters and power surges that can cause data loss.