Page 141 - CA Inter Bhaskar Vol 1
P. 141
CA RAVI TAORI RISK ASSESSMENT AND INTERNAL CONTROL
AUDIT BHASKAR CH 03 - PART 05 General IT Controls Infrastructure, policies & procedures which are for IT System (IT Dept)
(CNO--AAE.120) TYPES OF CONTROLS IN AN AUTOMATED ENVIRONMENT
(MCQ-Incs.01.1, Incs.01.2, Incs.30.5)
TYPES OF CONTROLS
of organisation which are not related to specific application (Software)
1) Definition
but many applications is called General IT Controls.
They help Individual application Controls to perform better.
2) Features They are also called pervasive Controls or Indirect Controls
It includes 4 types of Controls
To keep unauthorised persons
1) Access Control
away from IT Dept
2) Application They ensure the compatible
Acquisition, Development applications which fulfill need of
& Maintenance
Controls (ADM) users are acquired or developed
They ensure data of all application
3) Data Centre & Network
is safe & secure and is easily
Controls
available to authorised users
It ensures that operating system on
4) Program change Control which whole department is based
is regularly upgraded
A. General IT Controls
B. Application Controls
C. IT-Dependent Controls
A. GENERAL IT CONTROLS (AS PER SA 315) (QNO-AAE.29) (MCQ-AAE.2, AAE.3, AAE.8,
AAE.11, AAE.22, Incs.01.3, Incs.30.1)
Definition General IT controls includes infrastructure, policies and procedures that support, affects IT system
of organization and relate to many applications and support the effective functioning of
application controls. They apply to mainframe, and end-user environments.
Objective General IT-controls that maintain the
Integrity of information (Accuracy),
Safety &Security of Data
Mitigates These are IT controls generally implemented to mitigate the IT specific risks and applied
Risk
commonly across multiple IT systems, applications and business processes.
Pervasive / Hence, General IT controls are known as “pervasive” controls or “indirect” controls.
Indirect
Controls
Commonly include controls over the following:
Types of
General IT Data center and network operations Controls
Controls Program change Controls
Access security Controls
Application system acquisition, development, and maintenance (Business Applications)
Controls.
www.auditguru.in 03.72
