- Source: Information technology general controls
Information technology general controls (ITGC) are controls that apply to all systems, components, processes, and data for a given organization or information technology (IT) environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations.
The most common ITGCs:
Logical access controls over infrastructure, applications, and data.
System development life cycle controls.
Program change management controls.
Data center physical security controls.
System and data backup and recovery controls.
Computer operation controls.
General Computer Controls
ITGCs may also be referred to as General Computer Controls (GCC) which are defined as:
Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery process.
= Global Technology Audit Guide (GTAG)
=GTAGs are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. To date, the Institute of Internal Auditors (IIA) has released GTAGs on the following topics:
GTAG 1: Information Technology Controls
GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
GTAG 4: Management of IT Auditing
GTAG 5: Managing and Auditing Privacy Risks
GTAG 6: Managing and Auditing IT Vulnerabilities
GTAG 7: Information Technology Outsourcing
GTAG 8: Auditing Application Controls
GTAG 9: Identity and Access Management
GTAG 10: Business Continuity Management
GTAG 11: Developing the IT Audit Plan
GTAG 12: Auditing IT Projects
GTAG 13: Fraud Prevention and Detection in the Automated World
GTAG 14: Auditing User-developed Applications
GTAG 15: Formerly Information Security Governance--Removed and combined with GTAG 17
GTAG 16: Data Analysis Technologies
GTAG 17: Auditing IT Governance
See also
Information technology controls
Internal Audit
Internal Control
SOX 404 top–down risk assessment
References
GTAG 8: Christine Bellino, Jefferson Wells, July 2007
GTAG 8: Steve Hunt, Enterprise Controls Consulting LP, Enterprise Controls Consulting LP, July 2007
ISACA Glossary of terms
External links
The Institute of Internal Auditors
Information Systems Audit and Control Association
Kata Kunci Pencarian:
- Khoirul Anwar
- Daftar perusahaan Amerika Serikat
- Honeywell
- Hitachi
- Daftar perangkat iOS
- Keamanan komputasi awan
- Belerang
- Raksa
- Argentina
- Sel surya
- Information technology general controls
- Information technology controls
- Information technology audit
- Information and communications technology
- Information technology
- Certified information technology professional
- Directorate-General for Communications Networks, Content and Technology
- DigitalEurope
- Risk assurance
- Operational technology
