Review of general IT controls in the information system (GITC)
The growing complexity and need to rely on information technologies has resulted in a greater need on establishing controls in the IT environment. There is a trend of automation of processes and controls by adopting advanced IT products and services to enable greater efficiency in business, compliance and reporting activities, which requires an increased focus on the efficient functioning of controls within information system management.
Multiple application systems, data stores, and layers of supporting IT infrastructure (database, operating system, and network) can be included in the business process, from initiating a transaction to logging it in the general ledger. Such transactions ultimately lead to reporting in financial statements, and therefore, any or all of these systems and IT infrastructure may be relevant to the audit.
General information system controls (GITC) are a critical component of business operations and financial information control. They provide the basis for relying on data, reports, automated controls, and other system functionality at the core of business processes. The security, integrity and reliability of financial information rely on appropriate access controls, change management, and operational controls.
The importance and relevance of general IT c for key stakeholders, investors, regulators, audit committees, management and auditoontrolrs are steadily growing.
These controls cover areas related to information system management such as:
- Managing user access
- Segregation of duty
- Managing privileged access
- Managing changes in the information system
- Managing trust of services related to the information system
- Business continuity management
How can Deloitte help?
- We assist clients in establishing general control systems in the information system
- We conduct checks of established GITC controls in relation to best practice standards with a rating of adequacy.