General IT Controls (GITC)

Risk and Impact

The importance of information technology (IT) controls has recently caught the attention of organisations using advanced IT products and services.

This thought paper has been developed for the management of companies that are required to establish framework on internal controls and to ensure its effective operation throughout the year. This document draws attention on how applications should be scoped-in for monitoring internal controls and how control gaps need to be assessed and concluded.

Increasing complexity of the IT setup has resulted in a greater focus around controls in the IT environment.

With mandates emanating from various regulations, internal controls have gained more momentum in India during recent years. There is a trend of automation in processes and controls by adoption of advanced IT products and services for enabling greater efficiency in operations, compliance and reporting activities. This requires an increased focus on effective operation of controls around IT assets and services.

Internal Financial Controls over Financial Reporting

“Internal controls” refers to those activities within a company that are placed by the management to mitigate the risks that could hinder the company from achieving its objectives. Under the Committee on Sponsoring Organizations (COSO) framework revised in May 2013, there are three types of objectives which internal controls need to meet, as depicted below:

  • Compliance
  • Reporting
  • Operations
Did you find this useful?