Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorIT General Controls
Course Description Course Outline Bring Us On Site  

IT General Controls

Course Description

Print-friendly Course Description and Outline

IT general controls are pervasive in today’s organizations. They apply to all systems environments, components, processes, and data, and can be relevant to practically any audit engagement.

According to the International Standards for the Professional Practice of Internal Auditing, internal auditors are expected to have sufficient knowledge of key information technology risks and controls, and available technology-based audit techniques to perform their assigned work.

Are you prepared to audit your organization’s IT general controls?

This course presents the fundamental concepts and terminology associated with IT general controls, including controls provided by automated systems. With an emphasis on ways the operational audit can participate in IT-related activities within audit engagements, this course provides tips on how to apply learned concepts to the risk evaluation and the audit process.

Who will benefit from this Course?

This interactive course is designed for internal auditors in all sectors with 1 to 2 years of auditing experience, who are interested in gaining additional insight into how to assess IT general controls.

Course Objectives
  • Describe IT general controls.
  • Apply critical thinking to general controls assessments.
  • Explore the use of data analytics in assessing IT general controls.
  • State the IT general control audit concepts necessary to perform an audit of IT applications supporting key processes.
  • Recognize the general concepts related to assessing logical security.
  • Explain the general concepts related to assessing System Development Life Cycle (SDLC).
  • Describe the general concepts related to assessing change management.
  • Discuss the general concepts related to auditing data backup and recovery controls.
  • Recognize the general concepts related to auditing computer operations controls.
  • Explain the general concepts related to auditing physical and environmental security.
Course Duration: 0.5 day(s)
CPEs Available: 4
Knowledge Level: Basic
Field of Study: Auditing
Advance Preparation: 
​End-User Computing (OnDemand)
Delivery Method: eLearning (Group-Internet-Based)

​General Concepts

  • Overview of IT general controls.
  • Types of IT general controls.
  • Applicable Standards.
  • Assurance.
  • Key technology processes.

Logical Security

  • Identification, Authentication, Authorization, Auditing.
  • Access management.

IT Change Management

  • Change types.
  • Need Identification.
  • Change process and types of controls.
  • Change request documentation.
  • Change request approval.
  • Change prioritization.
  • Change work and testing.
  • End‐user approvals.
  • Change schedules, coordinations, and implementations.
  • Segregation of duties.
  • Post implementation.
  • Change management variations.

Physical and Environmental Security

  • Physical and environmental controls.
  • Physical and environmental security concepts.

Corrective Controls

  • Corrective control process.
  • Business continuity.
  • Disaster recovery.
  • Backup processing.
  • Incident response.

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to

Details and pricing
February 1-2,