ITGC audits ensure your IT systems are secure, reliable, and fully aligned with accurate financial reporting

Click for PDF file

An ITGC audit is essentially a review of a company’s general IT controls to ensure the security, reliability and effectiveness of its IT systems. These systems may include IT infrastructure, application systems and information/data that enable proper functioning of business processes and ensure accurate reporting.

ITGC typically covers the following major areas

IT Operations: Controls around backups, incident response & resolution, disaster recovery, system maintenance and overall monitoring of IT system performance.

Access management: Ensuring restricted access to systems, data and applications only to authorized users and strictly according to defined roles and responsibilities.

IT Change management: Proper governance over system changes ensuring all changes are approved, documented, tested and implemented correctly to avoid unauthorized changes and minimize risk.

System Development Life Cycle (SDLC): Evaluating controls related to the development and implementation of new IT systems to ensure they follow structured and secure processes.

ITGC audits can be conducted independently or in combination with other IT system audits and typically before the financial statement audit to ensure the reliability of IT systems that support financial reporting.