IT General Controls

​Print-friendly Course Description and Outline

IT general controls are pervasive in today’s organizations. They apply to all systems environments, components, processes, and data, and can be relevant to practically any audit engagement.

According to the International Standards for the Professional Practice of Internal Auditing, internal auditors are expected to have sufficient knowledge of key information technology risks and controls, and available technology-based audit techniques to perform their assigned work.

Are you prepared to audit your organization’s IT general controls?

This course presents the fundamental concepts and terminology associated with IT general controls, including controls provided by automated systems. With an emphasis on ways the operational audit can participate in IT-related activities within audit engagements, this course provides tips on how to apply learned concepts to the risk evaluation and the audit process.

Who will benefit from this Course?

This interactive course is designed for internal auditors in all sectors with 1 to 2 years of auditing experience, who are interested in gaining additional insight into how to assess IT general controls.

• Describe IT general controls.
• Apply critical thinking to general controls assessments.
• Explore the use of data analytics in assessing IT general controls.
• State the IT general control audit concepts necessary to perform an audit of IT applications supporting key processes.
• Recognize the general concepts related to assessing logical security.
• Explain the general concepts related to assessing System Development Life Cycle (SDLC).
• Describe the general concepts related to assessing change management.
• Discuss the general concepts related to auditing data backup and recovery controls.
• Recognize the general concepts related to auditing computer operations controls.
• Explain the general concepts related to auditing physical and environmental security.