ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

What should companies do to identify the exact scope for ITGC?

user-image
تم إضافة السؤال من قبل Sohaib Tariq , Internal Audit Section Head , beIN Media Group
تاريخ النشر: 2016/09/18
Praveer Neeraj
من قبل Praveer Neeraj , Lead Solution Advisor , Deloitte US India

Before we can define the scope of ITGC, a company needs to identify the processes which may affect it's financials. Scoping for General IT Controls (ITGC) depends largly on the applications an entity is using. The three domains of ITGC - Access Security, Change Management and IT Operations are meant to test the controls around IT environment in order to ensure that the company's financials are accurate, complete and authorized.

The scope of ITGC should include all the applications and related OS & Databases which not only host the financial data but also facilitate in Company's transactions - anything and everything that may affect the financials. By its default nature, the scope should also include IT controls around the Data Center.

For example, let us consider we are defining the ITGC scope for a Stock/Securities company. We should include the front end applications which are used to buy/sell securities by the end users, the interfaces which post the customer data to the central server, the backup server, the OS, the DB and the Data Center. Again, we must include the applications which the Company is using for managing its financials, for example - Payroll, Vendor management, ERP (Financial Module) etc.

المزيد من الأسئلة المماثلة