ITGC

Information technology general controls (ITGC) are controls that apply to all systems, components, processes, and data for a given organization or information technology (IT) environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations. The most common ITGCs:

* Logical access controls over infrastructure, applications, and data.
* System development life cycle controls.
* Program change management controls.
* Data center physical security controls.
* System and data backup and recovery controls.
* Computer operation controls.


General Computer Controls

ITGCs may also be referred to as General Computer Controls (GCC) which are defined as: Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery process.


Global Technology Audit Guide (GTAG)

GTAGs are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. To date, the Institute of Internal Auditors (IIA) has released GTAGs on the following topics:

* GTAG 1: Information Technology Controls
* GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
* GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
* GTAG 4: Management of IT Auditing
* GTAG 5: Managing and Auditing Privacy Risks
* GTAG 6: Managing and Auditing IT Vulnerabilities
* GTAG 7: Information Technology Outsourcing
* GTAG 8: Auditing Application Controls
* GTAG 9: Identity and Access Management
* GTAG 10: Business Continuity Management
* GTAG 11: Developing the IT Audit Plan
* GTAG 12: Auditing IT Projects
* GTAG 13: Fraud Prevention and Detection in the Automated World
* GTAG 14: Auditing User-developed Applications
* GTAG 15: Formerly Information Security Governance (removed and combined with GTAG 17)
* GTAG 16: Data Analysis Technologies
* GTAG 17: Auditing IT Governance


See also

* Information technology controls
* Internal Audit
* Internal Control
* SOX 404 top–down risk assessment


External links


The Institute of Internal Auditors

Information Systems Audit and Control Association