Register now or log in to join your professional community.
Before we can define the scope of ITGC, a company needs to identify the processes which may affect it's financials. Scoping for General IT Controls (ITGC) depends largly on the applications an entity is using. The three domains of ITGC - Access Security, Change Management and IT Operations are meant to test the controls around IT environment in order to ensure that the company's financials are accurate, complete and authorized.
The scope of ITGC should include all the applications and related OS & Databases which not only host the financial data but also facilitate in Company's transactions - anything and everything that may affect the financials. By its default nature, the scope should also include IT controls around the Data Center.
For example, let us consider we are defining the ITGC scope for a Stock/Securities company. We should include the front end applications which are used to buy/sell securities by the end users, the interfaces which post the customer data to the central server, the backup server, the OS, the DB and the Data Center. Again, we must include the applications which the Company is using for managing its financials, for example - Payroll, Vendor management, ERP (Financial Module) etc.