IT general controls (ITGC) are the basic controls that can be
applied to IT systems such as applications, operating systems,
databases, and supporting IT infrastructure.
The objectives of ITGCs are to ensure the integrity of
the data and processes that the systems
support. The most common ITGCs are as follow:
- Logical access controls over applications,
data and supporting infrastructure(each staff member has seperate
access to various functions).
- Backup and recovery controls(Selma does back
up on daily basis on yhe file server and local secure storage
facility).
- Computer operation controls(each staff member
performs his/her responsibilty as per controls assignes).
- Data center physical security
controls(computer hardwares are kept at locked offices at
both locations).
- System development life cycle controls(IT
contractor engaged in design,develop,test and install the
program).
Each of these strenghts will help in effective audit as
follows:
- Access control will ensure that no outsider can alter the data
or leak the data stored in the software and will maintain the
integrity of data.
- Backup and recovery controls will help in speedy and secure
recovery if data in case of any data loss due to any
catastrophe.
- Operations control will ensure that duties are perfectly
segregated to each staff and no overlapping of same task is
done.
- Keeping computer hardware in locked location will protect the
computer from any physical damage.
- System development will help proper updation of software as per
changing situations.