Auditing the Key Information Technology General Controls (ITGC) 2 CPE

Course Duration: 2 Hours

Course Rating:

Course Enrollments: 128 Enrolled

Mode of Delivery: On-Demand

Course Level: Basic

Study Area: Auditing

NOTE: This course is updated in January 2025.

Business reliance on information technology and the associated risks are restructuring how auditors audit and what auditors assess.

Section 404 of the Sarbanes-Oxley (SOX) Act, requires public companies, and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting. The reliability of financial reporting is heavily dependent on a well-controlled IT environment.

Today, every auditor must have a good comprehension of information technology basics and the vulnerabilities, threats and risks that face organizations each day to effectively plan and execute any audit engagement.

In this course, we explore the Key Information Technology General Controls areas that must be addressed to ensure the confidentiality, integrity and availability of data and information assets, as well as the reliability of financial reporting.

Course Key Concepts: ITGC, IT Controls, Information Technology General Controls, SOX 404, IT Audit, ICFR, Internal Control over Financial Reporting, Data Confidentiality, Data Integrity, Data Availability.

Prerequisites

No advanced preparation or prerequisites are required for this course.
Additional takeaways from this course will include templates to help develop:
- Basic Data Center controls assessment questionnaire – to assist in audit planning, scoping and risk assessment
- Basic ITGC audit program – to guide the testing of the design and effectiveness of the ITGCs.

Learning Objective

Identify and describe the key controls over Access to Programs and Data.
Explore the main Physical Access and Environmental controls over critical IT Infrastructure.
Recognize the important Change Management controls.

Last updated/reviewed: January 22, 2025