IT General Controls (ITGC)
ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable. ITGC usually include the following types of controls:
These controls generally follow the controls framework set forth in Control Objectives for Information and Related Technologies (COBIT).
Control environment, or those controls designed to shape the corporate culture. Below lists areas of IT General Controls.
- Change management - controls designed to ensure changes meet business requirements and are authorized.
- Vendor management – controls designed to govern vendor selection process and criteria.
- Source code/document version control procedures - controls designed to protect the integrity of program code
- Software development life cycle standards (SDLC) - controls designed to ensure IT projects are effectively managed.
- Logical access - controls designed to manage access based on business need.
- Incident management - controls designed to address operational processing errors.
- Problem management - controls designed to identify and address the root cause of incidents.
- Host Security - hardware/software configuration, installation, testing, management standards, policies and procedures.
- Disaster recovery/backup and recovery - to enable continued processing despite adverse conditions.
- Physical security - controls to ensure the physical security of information technology from individuals and from environmental risks.
Contact us to know more about having an IT General Control Audit performed for your company. |