This course deals with IT General Controls (ITGC), which are used to implement the IT part of an Internal Control System, mostly for compliance with regulations like the Sarbanes-Oxley Act (SOX), the EU directive #8 2006/43/EG (also known as “EuroSOX”), or local laws like the Austrian URÄG 2008.
After a short overview of the IT-related aspects of Sarbanes-Oxley Act compliance, IT General Controls are introduced, their role in Internal Control Systems is explained, and their importance for achieving compliance with the IT-related part of the Sarbanes-Oxley Act is highlighted.
A short excursion into Information Produced by the Entity (IPE) and its connection to ITGCs follows. Practical examples of IT General Controls are then presented, giving hands-on experience with real-life controls in daily use within SOX-compliant organizations.
A final quiz concludes this course, testing your knowledge of SOX ITGC basics.
Overview of IT General Controls Environment
This section presents an overview of the IT-related aspects of Sarbanes-Oxley Act compliance.
IT General Controls (ITGC)
A definition of IT General Controls and their structure is given in this section.
Information Produced by the Entity (IPE)
A quick excursion into Information Produced by the Entity (IPE) and its relation to ITGCs.
A short introduction to the COBIT governance framework.
Examples of IT General Controls
A few practical examples of IT General Controls commonly used in SOX-compliant companies.
- ITGC Basics – Examples of Controls
- ITGC Basics – Example 1: APO01 Review of Security Policy
- ITGC Basics – Example 2: DSS04 Review Backup Restore
- ITGC Basics – Example 3: DSS05 Password Reset on Application Level
- ITGC Basics – Example 4: BA107 Documentation, Classification, Testing, and Approval of Changes
A short quiz testing your knowledge of IT General Controls.