Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Computer Forensics, External Audit, Fraud, GCC, Internal Audit, IT Audit, ITAC, ITGC
At the IT level, general controls usually represent the policies, procedures, and directives applied to all or a large portion of an entity’s information systems and assist in ensuring their proper operation. Sub-categorically, ISACA defined general computer controls (GCC) are general controls, other than application controls, that relate to the environment within which computer based application systems are developed, maintained and operated, and therefore applicable to all applications. Furthermore, ISACA avers, pervasive controls are a general controls subset and appertain specifically to management and monitoring IT related activities.
Management is responsible for implementing and maintaining an adequate internal controls system. Whereby; policies, procedures and directives are the primary means to document management’s intentions regarding an organization. In this context, published policies, procedures, and directives reflect managements’ criteria for executing specific tasks.
“View Part I of the Irregularities and Illegal Acts Agreed-Upon Procedures Assessments series here“