Information Technology General Controls (ITGC) are a set of policies that ensure the effective implementation of control systems throughout an organization. ITGC audits help verify that these general controls are implemented and functioning correctly, so that risk is appropriately managed.
The scope of ITGC commonly includes access control to physical facilities, IT infrastructure, applications and data, security and compliance aspects of the system development lifecycle, change management controls, backup and recovery, and operational controls over IT systems.
There are various accepted standards for ITGC audits, including COBIT and ITIL.
ITGC audits may involve ongoing monitoring, identifying and responding to issues, as well as proactive internal audits of ITGC components and adjustments of policies and controls based on audit results.
These are basic controls that should be implemented within the IT environment.
Compliance with the Sarbanes Oxley Act of 2002 (SOX) requires organizations to record, test, maintain, and review controls that affect financial reporting processes. Companies must apply and review these processes in each and every cycle prior to their financial reporting. Internal auditors must perform periodic compliance audits to ensure compliance with SOX requirements.
In IT, there are IT General Controls (ITGC) and application controls. A SOX ITGC audit aims to reveal whether the ITGC is sufficient to ensure that the financial reporting system is accurate, complete and error-free.
We have the depth and breadth of skills to add significant additional capabilities to your team, enhancing their role in the business and the value that its internal audit function can provide.
We can work with your internal audit team to provide you with specialized IT auditors, through an outsourcing or co-sourcing arrangement.