IT General controls (ITGC’s) are applicable to any information systems infrastructure. These controls are primarily in the following areas: Access Management (assess to data and programs), Change Management (Changes to programs and data), Systems development (feasibility, design, Testing, installation, version control, Move to production) , IT Operations (Backup, Incident Management, Job monitoring, Batch processing, etc). IT General controls audit should test for the effectiveness of these controls. The ITGC’s are important component of the business operations. The reliability on data, reports underlying the business process depends on the effectiveness of these controls. The integrity and reliability of financial information depends on the access controls, change management, and operational controls. All the CISA certified candidates must be aware of these controls as these were covered in Domain 3, 4 and 5 (of old syllabus).
How did this start?
The Enron scandal in 2001 led to the creation of Sabarnes Oxley Act (SOX) to improve the reliability of information provided by organizations. The ITGC controls of SOX are a regulatory obligation to all companies in United States of America.