Information, Articles, Tools, and Useful LinksCommittee Listings, Member Forums, and Find a CITPInformation on AICPA Tech. Conference, Seminars, Webcasts, and ConferencesIT Section Membership Information, CITP Credential Information, Members Only Tools and Communications, and MorePublications, CPE, Conferences, and Webcasts
 
Search
 

Search Options
Infotech Home > Resources > Systems Audit & Internal Control > IT Controls

IT Controls

Due to the prevalent use of information technology (IT) systems today, it is important that controls are in place. IT controls are specific IT processes designed to support a business process. IT Controls can be categorized as either general controls or application controls.

General Controls are those controls that are pervasive to all systems components, processes, and data for a given organization or systems environment. They include controls over such areas as the data center and network operations, systems software acquisition and maintenance, access security, and application system acquisition, development and maintenance.

Application controls are those controls that are appropriate for individual accounting subsystems, such as payroll or accounts payable. They relate to the processing of individual applications and help ensure that transactions occurred, are authorized, and are completely and accurately recorded, processed, and reported. 

GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
Posted with permission by The Institute of Internal Auditors, this guide addresses the areas that are impacted by changes to the IT infrastructure. It also provides guidance on how to communicate to the board the risks and controls identified and assist the organization to stay abreast of the continual changes in regulatory requirements. Learn More>>

 

GTAG 8: Auditing Application Controls
IT Section Member
The Institute of Internal Auditors (IIA) has produced its eighth Global Technology Audit Guide® (GTAG®) on “Auditing Application Controls”. GTAG 8 attempts to bridge the gap between internal auditors and technologists through this comprehensive guide that breaks down the various risks associated with application controls and how internal auditing can help to mitigate those risks. Learn More>>
GAIT: The Guide to the Assessment of IT General Controls Scope Based on Risk
IT Section Member
A substantial portion of the overall costs associated with SOX 404 compliance is related to the assessment of IT general controls designed to ensure the proper use of IT applications and help protect data from unauthorized change. The Guide to the Assessment of IT General Controls Scope Based on Risk (GAIT) is a set of IT Principles and Methodology identified by the Institute of Internal Auditors (IIA) to facilitate the cost-effective scoping of IT general control assessments. Learn More>>