Professional Documents
Culture Documents
Overview
Northern Arizona University
Compliance, Controls & Business Services
December 2011
IT Controls
• Introduction
• What are IT Controls?
General Controls
Application Controls
• Why are IT Controls Important?
• Who is responsible for IT Controls?
• Where are IT Controls Applied?
IT Controls - Introduction
“IT controls are fundamental to the reliability
and integrity of the information processed by
the automated systems on which most
organizations are dependent for their business
and financial transaction processing — and
overlooking or minimizing their importance
creates a significant risk.”
Inventory Payroll
Why are IT General Controls Important?
… AND
Without effective General Controls, reliance on
these IT systems may not be possible
Why are IT General Controls Important?
• Access Controls
Physical Security
Logical Access
Everywhere!
• IT includes technology components,
processes, people, organization, and
architecture (infrastructure) – as well as the
information itself.
References
• Global Technology Audit Guide – Information Technology Controls. D.
Richards, A. Oliphant, C. LeGrand
• Five Questions to Ask About Information Technology Controls and Security –
Berry Dunn:
http://consulting.berrydunn.com/content/five-questions-ask-about-informatio
n-technology-controls-and-security
• Information Technology Audit –General Principals:
http://www.intosaiitaudit.org/india_generalprinciples.pdf
• Auditor’s Guide to Information systems auditing – Richard Cascarino
• Information Technology General Control Considerations and Implications –
Clifton Gunderson
• IT For Non-IT Auditors – Matt Hicks UCOP