ITGC
Encyclopedia
IT general controls are controls that apply to all systems components, processes, and data for a given organization or information technology
(IT) environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations.
The most common ITGCs:
Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.
Information technology
Information technology is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications...
(IT) environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations.
The most common ITGCs:
- Logical access controls over infrastructureInfrastructureInfrastructure is basic physical and organizational structures needed for the operation of a society or enterprise, or the services and facilities necessary for an economy to function...
, applications, and data. - System development life cycle controls.
- Program change management controls.
- Data center physical security controls.
- System and data backup and recovery controls.
- Computer operation controls.
General Computer Controls
ITGCs may also be referred to as General Computer Controls which are defined as:Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.
Global Technology Audit Guide (GTAG)
GTAGs are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. To date, The IIA has released GTAGs on the following topics:- GTAG 1: Information Technology Controls
- GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
- GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
- GTAG 4: Management of IT Auditing
- GTAG 5: Managing and Auditing Privacy Risks
- GTAG 6: Managing and Auditing IT Vulnerabilities
- GTAG 7: Information Technology Outsourcing
- GTAG 8: Auditing Application Controls
- GTAG 9: Identity and Access Management