General Control &

Application
Control
Control Activities
• These are the policies and procedures
used to ensure that appropriate actions
are taken to deal with the organization’s
identified risks.
Two Categories:
1. Information Technology Control
2. Physical Control
Information Technology Control
Two Groups:
1. General Control
2. Application Control

Physical Control
• This class of controls relates primarily to the
human activities employed in accounting systems.
ITGC
 Control Environment
 Change management
 Source code/document version control
 Software development life cycle
 Logical access
 Incident management
 Problem management
 Technical support
 Hardware/software
 Disaster recovery/ backup and recovery
 Physical security
IT application controls
 Completeness checks
 Validity checks
 Identification
 Authentication
 Authorization
 Input controls
 Forensic controls
General Control
 These are policies and procedures that
relate to many applications and support
the effective functioning of application
controls by helping to ensure the
continued proper operation of
information systems.
Types of General Control
1. Controls Over Data Centre And
Network Operations
 It deals with the access of the main data
storage of the systems.
2. Access Security
 Controls that protect the computer from
fraudulent actions.
 3.Application System Acquisition,
Development, And Maintenance
Types of General Control
4. Physical Security of Assets, including
Adequate Safeguards such as Secured Facilities
over Access to Assets and Records
 Controls that secure the efficiency of the
equipment, asset, or property.
5. Authorization for Access to Computer
Programs and Data Files
 Controls on file security for the reliability of
the file because there is a protection that
the file is highly authenticated.
Application Control
 These are controls specific to a particular
accounting application.
 Application controls are to ensure the
completeness and accuracy of all
processing and the validity of the
accounting entries made
Types of Application Control
1. INPUT CONTROLS
 Controls over input are designed to assure that
the information processed by the computer is
valid, complete, and accurate.
2. PROCESSING CONTROLS
 Controls over processing are designed to
assure that data input into the system is
accurately processed.
Types of Application Control
3. OUTPUT CONTROLS
 Controls over output are designed to assure
that data generated by the computer are valid,
accurate, and complete.
4. CONTROLS OVER MASTER FILE
INFORMATION
 There should be procedures in place to verify
that the correct version of the Master File is
being used.
General Control VS. Application
Control
 General controls apply to all areas of the
organization including the IT
infrastructure and support services.
 Application controls refer to the
transactions and data relating to each
computer-based application system;
therefore, they are specific to each
application.
Objectives
General Control
 To ensure the proper development and
implementation of applications, as well as the
integrity of programs, data files, and
computer operations.
Application Control
 1. Completeness of input and update
 2. Accuracy of input and update
 3.Validity (proper authorization)
 4. Maintenance (complete and correct over
time)