Expert Teaching: Understanding IT General Controls

The document discusses expert teaching on understanding IT general controls. It provides an overview of understanding the IT environment, defining and identifying IT general controls, and conducting an IT general controls walkthrough. Specific topics covered include the purpose and components of logical access controls, manage change controls, and other IT general controls. The objectives of IT general controls and how they can affect application controls are also summarized.

Expert Teaching: Understanding IT General Controls

Lecturer: Mr. McLein Bagunu, CPA, CISA

Objectives
• Understand the IT Environment
• Define and Identify IT General Controls
• Develop an understanding for the IT audit process
• Conduct an IT General Controls Walkthrough
• Example Tests of IT Controls
• Conclude and Document our Results

ICTE 1053
Understand the IT Environment
• Purpose:
– Identify all significant applications and infrastructure
– Relationship between process and IT applications
– Relationship between applications and infrastructure
– Indicate where we might want to rely on electronic audit evidence
– Identify areas on which to focus our review

IT General Control Approach

Effect of ITGC on Application Controls
• Effective IT general controls:
– Help make sure that application controls function effectively over time
• Ineffective IT general controls:
– Application controls might still operate effectively.
– Affects both financial statement and internal control audit strategy, such as the nature, timing, and extent of tests of application controls

IT General Control Objectives
• Change Management:
– Only appropriately authorized, tested and approved changes are made
• Logical Access:
– Only authorized persons have access to the system, and they can only perform specifically authorized functions
• Other IT General Controls (including IT operations):
– Process to determine that IT resources and applications continue to function as intended over time.
Logical Access Controls
• General system security settings are appropriate.
• Password settings are appropriate.
• Access to privileged IT functions is limited to appropriate individuals.
• Access to system resources and utilities is limited to appropriate individuals.
• User access is authorized and appropriately established.
• Physical access to computer hardware is limited to appropriate individuals.
• Logical access process is monitored.
• Segregation of incompatible duties exists within logical access environment.
Other IT General Controls
• Financial data has been backed up and is recoverable.
• Deviations from scheduled processing are identified and resolved in a timely manner.
• IT Operations problems or incidents are identified, resolved, reviewed, and analyzed in a timely manner.

Manage Change
• What is the manage change scope?
– New system implementations (SDLC)
– Upgrade of existing system
– Addition of new functionality to an existing system
– New or changed interfaces connecting different applications
– Minor enhancement
– Patch to an existing system
– Emergency changes
– Configuration changes
Manage Change Controls
• Changes are authorized.
• Changes are tested.
• Changes are approved.
• Changes are monitored.
• Segregation of incompatible duties exists within the manage change environment.

Logical Access Process Components

Purpose of Walkthroughs
Why do we perform walkthroughs?

• To confirm:
– Our understanding of the processing procedures
– Our understanding of the relevant controls
– That relevant controls have been placed in operation and are operating effectively
– Our documentation
Methods in Walkthroughs
• Methods of gathering evidence during walkthroughs:
– Inquiring of a client to corroborate our understanding
– Selecting an item over which the controls are designed to operate and inspecting evidence of the operation of the controls on that item
– Examining the client’s documentation of the control’s design
– Examining reports used to monitor the controls
– Observing whether the process owner or others act upon the results of the controls
Result of Walkthroughs
• Following the walkthrough, we make a preliminary evaluation of the effectiveness of controls
• The preliminary evaluation is made for each IT general control

Test of Controls
• Determine whether the controls:
– Operated as we understood they would operate
– Were applied throughout the period of intended reliance
– Were applied on a timely basis
– Encompassed applicable transactions
– Were based on reliable information
– Resulted in the timely correction of any errors identified
Any Questions? Let's go! 😊
