This work program helps to evaluate the design of the IT general control (ITGC) environment that supports the company, including the infrastructure, applications, policies and procedures. ITGCs will be identified through meetings with key IT personnel and review of supporting policies and procedures. The design of the company’s ITGCs will be evaluated by comparing current-state practices with leading IT practices (e.g., COBIT, ITGI).
Control activities focus on ensuring system security, managing the configuration, managing changes, managing data, managing interfaces, managing incidents, business continuity/disaster recovery, and third-party service providers.