ABSTRACT

Computer systems are seen less as collateral to the organization's success but rather as essential to the achievement of the business' goals and objectives. Key Information Technology (IT) infrastructure areas need to be reviewed to ensure appropriate levels of controls are in place and working as intended. In general, IT general controls are encompassing controls designed to cover the entire organizations' IT infrastructure, as opposed to specific applications. General computer controls (GCCs) are the responsibility of IT management and focus on the hardware, software, networks and data within them. In terms of general business process risks and controls, an effective approach is to consider them in terms of completeness, accuracy, validity, confidentiality, and availability of the systems and the data. IT Application and General Controls are essential to protect the organization's computer systems, networks, and related technologies. Internal auditors are expected to review the hardware, software, networks, and other aspects of the organization's information technology and security.