Understanding and Testing General Information Technology Controls (A4S6)

Overview

The information technology component of the COSO Framework’s Information and Communication element is a very important part of an entity’s business processes. Controls over information technology (IT) are effective when they maintain the integrity of information and the security of the data the systems process and when they include effective general IT controls (GITC) and application controls. GITC are policies and procedures that function as the foundation to support the effective operation of the system’s application controls. The increasing complexity of IT systems in many entities has resulted in a greater focus around controls in the IT environment. There is a growing trend toward automation of processes and controls as more and more entities adopt advanced IT products and services to enable greater efficiency in operations, compliance, and reporting activities. This requires an increased focus on the entity and the auditor on GITC. (Please Note: This module is part of Surgent's Audit Skills Training: Level 4.)

Major Topics:

• Defining GITC and application controls
• Major categories of GITC
• Understanding GITC
• Testing GITC

Learning Objectives:

• Distinguish between GITC and application controls
• Identify the 4 major categories of GITC
• Discuss when it is sufficient for the auditor to understand GITC and when testing is useful or required.
• Identify specific controls in each of the GITC categories.