By Winston Phethi
Introduction
What are IT Controls?
General Controls
Application Controls
Why
Controls may be classified to help understand their purposes and where they fit into the overall system of internal controls.
Purchasing
Accounts Payable
Inventory
Payroll
AND
Without effective General Controls, reliance on these IT systems may not be possible.
Include:
Organization Controls
Policies and Procedures
Segregation of Duties
Access Controls
Physical Security
Logical Access
Examples:
Passwords
System authentication
Logs of logon attempts
Application-level firewalls
Antivirus and anti-spyware software should be installed and up to date
Intrusion detection systems, which would identify suspicious network activity
Encryption for sensitive data
File shares should be adequately restricted to appropriate users
Patches/system updates should be applied in a timely manner
Examples:
Definition
A comprehensive approach to ensuring normal operations despite interruptions.
Components
Disaster Recovery
Fault Tolerant Systems
Backup and Recovery
Include:
Input controls
Processing controls
Output controls