• IT infrastructure refers to the collection of hardware, software, networks, and facilities that are used to
develop, test, deliver, monitor, control, or support information technology services.
• It includes everything from physical devices such as servers, computers, and networking equipment to
virtual resources like software and data storage solutions.
• IT infrastructure is the backbone of any organization's IT system, providing the foundation for its digital
operations.
• In summary, IT infrastructure is the broader framework that encompasses all the elements supporting an
organization's IT operations.
IT Assets
• IT assets, on the other hand, are the individual components or resources within the IT infrastructure that
have a specific value to the organization.
• These can include hardware assets (such as servers, computers, and mobile devices), software assets
(including applications and operating systems), network assets (routers, switches, etc.), and data assets
(databases, files, etc.).
• Proper management of IT assets is crucial for organizations to optimize their IT investments, ensure
security, and maintain operational efficiency.
• In summary, IT assets are the specific components within that infrastructure that have individual value
and need to be managed effectively.
Description of IT Controls
• IT audit controls, often referred to as IT controls, are measures put in place to ensure the effectiveness,
security, and reliability of an organization's information technology systems and processes.
• The primary purpose of IT audit controls is to safeguard information assets, maintain data integrity,
ensure confidentiality, and promote the efficient and lawful use of IT resources.
• IT audit controls are essential for maintaining the integrity, availability, and confidentiality of an
organization's information assets.
Categories of IT Controls:
a. IT General Controls (ITGC)
b. IT Application Controls (ITAC)
1. IT General Controls (ITGC)
IT General Controls (ITGC) are a set of foundational controls that are essential for the effective
functioning of an organization's overall information technology environment.
These controls are not specific to any particular application or system but are instead designed to
provide a general framework for IT governance, risk management, and compliance.
ITGC are crucial for ensuring the reliability, integrity, and security of an organization's IT
infrastructure.
Access Controls
User Access Management: Ensures that access to systems and data is appropriately authorized
and regularly reviewed.
Authentication: Verifies the identity of users before granting access to IT systems.
Authorization: Assigns appropriate permissions to users based on their roles and responsibilities.
Segregation of Duties (SoD): Prevents conflicts of interest by separating key duties among
different individuals, so that no single individual has control over all aspects of a critical
process. This reduces the risk of fraud and errors.
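The access controls above can be tested mechanically during an audit. The following is an added example, not part of the original notes: it flags users who hold both roles of a conflicting pair (SoD) and users whose access review is overdue. The role names, users, dates and the 90-day review interval are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: role names, users and dates are hypothetical.
CONFLICTING_ROLES = [
    ("create_vendor", "approve_payment"),
    ("develop_change", "deploy_to_production"),
]

ASSIGNMENTS = {
    "alice": {"create_vendor", "approve_payment"},
    "bob": {"develop_change"},
    "carol": {"deploy_to_production", "approve_payment"},
}

LAST_REVIEWED = {
    "alice": date(2024, 1, 10),
    "bob": date(2023, 3, 2),
    "carol": date(2024, 2, 20),
}


def sod_violations(assignments, conflicts):
    """Return (user, role_a, role_b) for each user holding both roles of a conflicting pair."""
    findings = []
    for user in sorted(assignments):
        roles = assignments[user]
        for role_a, role_b in conflicts:
            if role_a in roles and role_b in roles:
                findings.append((user, role_a, role_b))
    return findings


def overdue_reviews(last_reviewed, assignments, today, max_age_days=90):
    """Return users never reviewed, or last reviewed more than max_age_days ago (assumed interval)."""
    overdue = []
    for user in sorted(assignments):
        reviewed = last_reviewed.get(user)
        if reviewed is None or (today - reviewed).days > max_age_days:
            overdue.append(user)
    return overdue


if __name__ == "__main__":
    today = date(2024, 3, 1)
    for finding in sod_violations(ASSIGNMENTS, CONFLICTING_ROLES):
        print("SoD conflict:", finding)
    print("Access review overdue:", overdue_reviews(LAST_REVIEWED, ASSIGNMENTS, today))
```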
Change Management Controls
Change Approval: Ensures that changes to hardware, software, or configurations are properly
authorized and documented.
Version Control: Manages and tracks changes to software versions and configurations.
IT Operations Controls
Job Scheduling: Ensures that batch jobs and processes are scheduled, executed, and monitored
effectively.
Backup and Recovery: Ensures that data is regularly backed up and that there are procedures in
place to recover it in case of data loss or system failures.
Input Controls:
• Data Validation: Ensures that data entered into the system is accurate, complete, and valid. This may
involve checks for data types, ranges, and formats.
• Field Check: Verifies that the data entered into specific fields conforms to predefined criteria.
• Reasonableness Check: Examines the validity of data based on its relationship to other data within the
application.
• Limit Check: Validates that the values entered fall within predetermined limits.
• Validation Rules: Implements rules to validate the accuracy and integrity of data.
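The input controls listed above, applied to a single invoice record, as an added example that is not part of the original notes. The record layout, the vendor ID format and the 50,000 amount limit are assumptions chosen for illustration; each finding is tagged with the control that raised it.

```python
import re
from datetime import date
from decimal import Decimal, InvalidOperation

VENDOR_ID = re.compile(r"V\d{5}")      # assumed field format
AMOUNT_LIMIT = Decimal("50000.00")     # assumed per-invoice limit


def validate_invoice(rec):
    """Return a list of (control, message) findings; an empty list means the record is accepted."""
    findings, dates, money = [], {}, {}

    # Field checks: each field must match its expected format and data type.
    if not VENDOR_ID.fullmatch(str(rec.get("vendor_id", ""))):
        findings.append(("field", "vendor_id must be 'V' followed by 5 digits"))
    for name in ("invoice_date", "due_date"):
        try:
            dates[name] = date.fromisoformat(str(rec.get(name, "")))
        except ValueError:
            findings.append(("field", f"{name} is not a valid ISO date"))
    for name in ("amount", "discount"):
        try:
            value = Decimal(str(rec.get(name, "")))
        except InvalidOperation:
            value = None
        if value is None or not value.is_finite():  # also rejects NaN and Infinity
            findings.append(("field", f"{name} is not a decimal number"))
        else:
            money[name] = value

    # Limit check: the value must fall inside predetermined bounds.
    if "amount" in money and not (Decimal("0") < money["amount"] <= AMOUNT_LIMIT):
        findings.append(("limit", f"amount must be above 0 and at most {AMOUNT_LIMIT}"))

    # Reasonableness checks: a field is judged against other data in the same record.
    if len(dates) == 2 and dates["due_date"] < dates["invoice_date"]:
        findings.append(("reasonableness", "due_date is earlier than invoice_date"))
    if len(money) == 2 and not (Decimal("0") <= money["discount"] <= money["amount"]):
        findings.append(("reasonableness", "discount is negative or exceeds amount"))
    return findings


# Constructed sample records.
GOOD = {"vendor_id": "V00421", "invoice_date": "2024-03-01", "due_date": "2024-03-31",
        "amount": "1200.50", "discount": "24.01"}
BAD = {"vendor_id": "421", "invoice_date": "2024-03-01", "due_date": "2024-02-01",
       "amount": "75000", "discount": "80000"}
```

Field checks run first so that the limit and reasonableness checks only ever compare values that parsed cleanly.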
Processing Controls:
• Data Transformation Controls: Ensures that data is transformed accurately during processing, such as
calculations, translations, or other data manipulations.
• Concurrency Controls: Manages simultaneous access to data to prevent conflicts and ensure data
consistency.
• Transaction Controls: Verifies the accuracy and completeness of individual transactions processed by
the application.
• Batch Controls: Ensures the accuracy and completeness of data processed in batch mode.
• Error Handling and Logging: Implements mechanisms to detect and handle errors, with appropriate
logging for review and analysis.
b. Customization:
• ITGC: Are generally standardized and apply to various systems and processes.
• ITAC: Are highly customized and tailored to the specific functionalities and processes of individual
applications.
c. Examples:
• ITGC: Network security policies, user access management, and change control procedures.
• ITAC: Input validation checks, transaction controls, and data transformation controls within
accounting software.
d. Independence:
• ITGC: Are often independent of specific applications and can impact multiple systems.
• ITAC: Are inherently tied to the specific application they are designed for.
e. Integration:
• ITGC: Form the foundation on which IT applications operate.
• ITAC: Rely on the presence of effective ITGC for their overall effectiveness.