IT-General Control Audit
What’s ITGC?
- Information Technology General Controls (ITGCs) can be defined as internal controls that assure the secure, stable, and reliable performance of computer hardware, software and IT personnel connected to financial systems.
- ITGCS affect the ability to rely on application controls and IT dependent manual controls.
- Without effective ITGCS, reliance cannot be placed on any application controls or IT dependent manual controls unless additional procedures are performed (e.g., benchmarking). Even these additional procedures limit the ability to rely upon more than one application control at a time.
- ITGCs are an integral part of many different
operational and regulatory (federal and state) audits, including:
- IT operational reviews
- HIPAA assessments
- SSAE16 assessments/ SOC-2
- PCI-DSS reviews/audits
- SOX assessments
Process offered
IT Risk Assessment and Scoping
Validate Understanding
- Business Processes
- Business Controls Applications
- Significant Accounts engagement plan, understand objectives and set expectations
Perform risk assessment at each layer
IT Process Controls
Change Management, Operations, Security at various layers like
- Operating System
- Application
- Database
- Network
Conclude
Reasonably possible a failure in this IT Process area could impact application controls related to integrity of the financial data.
Testing Methodology
- Inquiry test
- Inspection
- Corroborative Inquiry
- System Query
Primary Domain Coverage
- Access Management
- Change and Log Management
- Process Automation Review
- Efficiency Review
Report
The final step of Securis360’s testing method is reporting, but the whole assessment aims to produce a deliverable that is clear, concise, and accurate. Securis360’s report considers the whole process and tailors a report for each client. The draft report will be delivered at the end of the testing and gathering phase, and the final report will be delivered after the completion of the complete process.