Regulators require trustworthy financial information in today’s data-driven world, while corporate stakeholders demand openness and more detailed information from executives. Reliable data and processes aid in defending companies against cyber-attacks.
ITGCs are also known as General Computer Controls (GCC). They are described as controls, other than program controls, that pertain to the environment in which computer-based application solutions are developed, managed, and operated, and hence apply to all applications.
To work effectively, ITGCs such as access restrictions, segregation of responsibilities, computations, and input/output controls are required as standards.
- User Access Control
It’s critical to know who has access to sensitive data in order to maintain data integrity. Effective controls provide simplified operational activities, legal and regulatory compliance, and appropriate financial reporting in well-managed businesses.
Only trustworthy procedures and financial data can help management drive corporate performance and decision-making. When it comes to financial reporting, business organizations are facing growing complexity. More complicated business structures and technology are part of the evolution of business.
- Controls of Outsourced Service Providers
Outsourced technology service providers are a common component of today’s global business environment, and organizations must be able to guarantee that any such outsourced service provider is using adequate controls to prevent data breaches or errors.
This may include:
- The establishment of administrator or “super-user” accounts, from which additional user accounts for each IT application may be created.
- Software lifecycle management, which is the process of developing, testing, and deploying a new application in your company.
- Ensuring that adequate access restrictions, password management, and other identity authentication are used for each application.
- Maintaining audit logs, which keep track of all transactions and modifications to IT systems.
- Access to programs and data
Roles within the company should be spelled out, and employees should have proper training on the system. ITGCs should also include:
- Policies and processes
- Responsibilities and roles
- Configuration of security parameters in operating systems and apps, including:
- Access rights for users
- Training & Monitoring
- Safety and security
- Access to the internet
- Management of Change
Organizations must have comprehensive mechanisms in place to document how information or processes are updated, as well as whether those changes are approved or rejected. This control ensures that modifications to IT systems are only allowed and deployed after documented change management processes have been followed.
Managing controls ensure that patch management processes are recorded, authorized, and followed to the letter. Patch management ensures that security or software upgrades are applied to all systems that require them as soon as possible.
- Security Policy
With the ITGC, there should also be security and backup protocols in place. Security policies include:
- Controls to ensure that security policies and procedures are recorded and signed off on by authorized personnel.
- Controls to offer reasonable confidence that reported IT events and related problems are investigated, addressed, and documented.
- Controls for data backup, restoration, and destruction to offer reasonable confidence that processes are recorded, approved, and followed.
- Controls for user access control to limit the number of users with access to highly sensitive data.
The goals of ITGCs are to assure appropriate application design and implementation, and the integrity of programs and data files. Like application controls, general controls over system operations can be either manual or automated.