Information Technology General Controls (ITGCs) can be defined as internal controls that assure the secure, stable, and reliable performance of computer hardware, software and IT personnel connected to financial systems. ITGCs affect the ability to rely on application controls and IT-dependent manual controls. Without effective ITGCs, reliance cannot be placed on any application controls or IT-dependent manual controls unless additional procedures are performed (e.g., benchmarking). Even these additional procedures limit the ability to rely upon more than one application control at a time.
ITGCs are an integral part of many different operational and regulatory (federal and state) audits, including:
IT operational reviews, HIPAA assessments, SSAE16 assessments/SOC-2, PCI-DSS reviews/audits, SOX assessments
Validate Understanding
Business Processes, Business Controls Applications, Significant Accounts engagement plan, understand objectives and set expectations, Perform risk assessment at each layer
Change Management, Operations, and Security at various layers, such as Operating System, Application, Database, and Network
It is reasonably possible that a failure in this IT process area could impact application controls related to the integrity of the financial data.
Inquiry test, Inspection, Corroborative Inquiry, System Query
Access Management, Change and Log Management, Process Automation Review, Efficiency Review
The final step of Securis360’s testing method is reporting, but the whole assessment aims to produce a deliverable that is clear, concise, and accurate. Securis360’s report considers the whole process and is tailored to each client. The draft report will be delivered at the end of the testing and gathering phase, and the final report will be delivered after the entire process is complete.