IT general controls are critical and central to business processes. They typically impact multiple applications in the technology environment and prevent certain events from impacting the integrity of processing data. Computer operations, physical and logical security, program changes, systems development, and business continuity are examples of processes where general IT controls reside.
The objective of these controls is to mitigate risks associated with their pervasive effect on the reliability, integrity and availability of processing relevant data. In this questionnaire, you can determine whether the control exists, whether it was designed properly, related test procedures, and management's action plan for deficiencies.
Example control objectives in this questionnaire include:
- Management has prepared strategic plans for IT that align business objectives with IT strategies. The planning approach includes mechanisms to solicit input from relevant internal and external stakeholders affected by the IT strategic plans.
- Management obtains feedback from business process owners and users regarding the quality and usefulness of its IT plans for use in the ongoing risk assessment process.
- Control activities are in place and followed to ensure compliance with external requirements, such as regulatory and legal rules.