ITGC Control Exemption Request Form

Control Identifier: [Enter the identifier of the control being exempted]

Control Description: [Brief description of the control being exempted]

Reason for Exemption: [Provide a detailed explanation of why the control cannot
be implemented/configured at this time. Include any technical, operational, or other
constraints.]

Risk Assessment: [Describe the potential risk associated with not having this control
in place. Include any mitigating factors or compensating controls, if applicable.]

Proposed Alternative/Compensation: [If available, propose any alternative

measures or compensating controls that will mitigate the risk adequately.]

Business Impact Assessment: [Assess the impact on business operations if this

exemption is granted. Include any potential impact on compliance requirements,
data security, or operational efficiency.]

Approval:

• Requester: [Name and Position of the individual requesting the exemption]

• Date: [Date of submission]
• Approving Authority: [Name and Position of the individual responsible for
approving the exemption]
• Date: [Date of approval]

Exemption Period: [Specify the duration for which this exemption is requested.
Include start and end dates.]

Justification for Exemption Period: [Explain why this duration is necessary, if

applicable.]

Review and Renewal: [Outline any review and renewal processes for this exemption.
Specify any conditions under which the exemption may be revoked or modified.]

Documentation and Communication: [Describe how this exemption and its

implications will be documented and communicated to relevant stakeholders,
including audit teams, compliance officers, and affected business units.]

Additional Notes/Comments: [Include any additional information relevant to the

exemption request.]
Attachments: [Attach any supporting documentation, such as technical reports, risk
assessments, or correspondence related to the exemption request.]