IT General Controls (ITGCs)
IT general controls are policies and procedures that apply broadly across an organization's IT environment to ensure the proper operation of information systems and the integrity of data.
Explanation
ITGCs provide the foundation for application controls to function effectively. They include controls over program development and changes, access to programs and data, computer operations, and system software acquisition and maintenance. If ITGCs are weak, the auditor cannot rely on application controls even if they appear well-designed. Common ITGC categories include change management, logical access security, job scheduling, and backup and recovery procedures.
Key Points
- •Four categories: program change, access, operations, system software
- •Weak ITGCs undermine the reliability of all application controls
- •Must be evaluated before relying on automated application controls
Exam Tip
If IT general controls are deficient, the auditor cannot rely on automated controls within the applications — even if those application controls appear effective.
Frequently Asked Questions
Related Topics
Application Controls
Application controls are automated or manual procedures within a specific application designed to ensure the completeness, accuracy, and validity of data processing.
Access Controls
Access controls are security measures that restrict who can view, modify, or use computing resources, ensuring that only authorized individuals can access systems and data.
Test your knowledge
Practice scenario-based questions on this topic with detailed explanations.