AUDIT TOOLS

ITGC

Information Technology General Controls (ITGC) are a set of policies that ensure the effective implementation of control systems throughout an organization. ITGC audits help verify that these general controls are implemented and functioning correctly, so that risk is appropriately managed.

The scope of ITGC commonly includes access control to physical facilities, IT infrastructure, applications and data, security and compliance aspects of the system development lifecycle, change management controls, backup and recovery, and operational controls over IT systems.

There are various accepted standards for ITGC audits, including COBIT and ITIL.

ITGC audits may involve ongoing monitoring, identifying and responding to issues, as well as proactive internal audits of ITGC components and adjustments of policies and controls based on audit results.

1. Access controls

  • Access provisioning
  • Access review
  • Access termination
  • Password setting
  • Transfers
  • Audit logs.

2. Change controls

  • Change requests
  • Change approval
  • Emergencies
  • UAT
  • Development, testing and production
  • Developer production access.

3. Interface controls

  • Transmission Security
  • Error Notification
  • Reconciliation
  • Issue Tracking
  • Input/Output
  • File Security.

4. Disaster recovery

  • Disaster recovery plan
  • Plan Review
  • Periodic tests
  • Assignment of responsibilities
  • Performing RTO/BIA
  • Risk assessment.

5. IT operations

  • IT organization structure
  • Monitoring
  • Planning
  • IT Steering Committee
  • Capacity planning
  • Budget.

6. Physical security

  • CCTV
  • Security guard
  • Visitor log
  • Access log
  • Access review.
