IT-General Control Audit

What is ITGC?

  • Information Technology General Controls (ITGCs) can be defined as internal controls that assure the secure, stable, and reliable performance of computer hardware, software and IT personnel connected to financial systems.
  • ITGCs affect the ability to rely on application controls and IT-dependent manual controls.
  • Without effective ITGCs, reliance cannot be placed on any application controls or IT-dependent manual controls unless additional procedures are performed (e.g., benchmarking). Even these additional procedures limit the ability to rely upon more than one application control at a time.
  • ITGCs are an integral part of many different operational and regulatory (federal and state) audits, including:
    • IT operational reviews
    • HIPAA assessments
    • SSAE16 assessments / SOC-2
    • PCI-DSS reviews/audits
    • SOX assessments

Process offered

IT Risk Assessment and Scoping

Validate Understanding

  • Business Processes
  • Business Controls Applications
  • Significant Accounts
  • Engagement plan: understand objectives and set expectations

Perform risk assessment at each layer

IT Process Controls

Change Management, Operations, Security at various layers like

  • Operating System
  • Application
  • Database
  • Network

Conclude

It is reasonably possible that a failure in this IT Process area could impact application controls related to the integrity of the financial data.

Testing Methodology

  • Inquiry test
  • Inspection
  • Corroborative Inquiry
  • System Query

Primary Domain Coverage

  • Access Management
  • Change and Log Management
  • Process Automation Review
  • Efficiency Review

Report

The final step of Securis360’s testing method is reporting, but the whole assessment aims to produce a deliverable that is clear, concise, and accurate. Securis360’s report considers the whole process and tailors a report for each client. The draft report will be delivered at the end of the testing and gathering phase, and the final report will be delivered after the entire process is complete.