INFORMATION TECHNOLOGY GENERAL CONTROLS (ITGCs)

 

Organizations must identify, assess and address emerging risks without losing sight of their existing business and control environment. They are not only working to get ahead of the curve - often they are struggling to keep up – and not always succeeding.

More and more market players in their approach towards internal control assessment, design an implementation need embedding an underlying risk analysis approach with a focus on reliable and effective key application controls. While Risk Management in itself is moving at the top of the Board agenda due to high profile business failures, heavy regulatory pressure is increasing compliance requirements which needs to be integrated into the company internal control framework.

Photo by AzmanL/iStock / Getty Images
Photo by AzmanL/iStock / Getty Images

Access to Programs and Data

• Policies and procedures

• Roles and responsibilities

• Security parameter settings of operating systems, applications, Enterprise Resource Planning (ERP) systems and databases

• User access rights

• Monitoring & Training

• Physical security

• Network access

Photo by scanrail/iStock / Getty Images
Photo by scanrail/iStock / Getty Images

Control over Computer Operations

• Organisation of IT function

• Service Level Agreements

• Business Continuity and Disaster Recovery Plans

• Network Management

• Backups and Recovery

 
Photo by NicoElNino/iStock / Getty Images
Photo by NicoElNino/iStock / Getty Images
Photo by shutter_m/iStock / Getty Images
Photo by shutter_m/iStock / Getty Images

Controls over Program Changes

• Maintenance activities

• Change Requests

Controls over Programs, Development and Implementation of New Systems

• Testing

• Transfer to live

• Documentation and Training

• Controls over Program Changes

• Maintenance activities

• Change Requests