Information Technology General Controls (ITGC)

Information Technology (IT) Controls are integral to the protection of our business and personal lives. They include practices such as using strong passwords, encrypting laptops and backing up files. In this course you will learn about policies, procedures and controls that entities should implement to protect corporate assets, company trade secrets, and customer and employee identity and financial information. This course takes you through a variety of controls you can implement to protect your organization’s assets, brand and image. We delve into the principles behind IT General Computer Controls. Lastly, we discuss simple controls that can be implemented, critical monitoring that should be performed, and important training that needs to occur.

Overview

Business reliance on technology and the associated risks are reshaping how we audit and what we assess. Attempting to scope an operational audit without drilling into business technology is nearly impossible in today’s business landscape. In turn, conducting an IT audit without factoring in business processes delivers limited assurance to the board of directors and limited value to the enterprise. To plan and execute any audit engagement effectively, every internal auditor today must have a general understanding of technology and of the vulnerabilities, threats and risks that face our enterprises each day. We will explore critical aspects of the IT environment, including the importance of data governance and data management and the Scenario-based Risk Assessment process commonly used by IT Risk Managers. We will also walk through many of the most common technologies and their associated vulnerabilities, threats, risks and controls, using common business language and common applications as our examples. We will have several discussions examining various documents to allow attendees to apply the knowledge learned during the session. By the end of this session attendees will have a better understanding of how to plan, scope and conduct an IT General Controls audit.

  • Duration
    40 hours
  • Batches
    Customizable as per your need
  • Suitable for
    Working professionals and students working in the Information system and security domain.
What you will learn
  • Recognize Information Technology (IT) risks
  • Explore the primary types of IT Controls
  • Identify IT Controls that mitigate specific risks
  • Explore practices to assist with IT control implementation
  • ITGC Audit Templates
  • ITGC System Summary
  • ITGC Overview Diagram
  • ITGC SOD (Segregation of duties)
  • ITGC Questionnaire
  • ITGC Report

Course Agenda

01

Risk Management

  • Risk Assessment
  • Risk Treatment
  • Risk Mitigation
  • Threat/Vulnerability/Impact
  • What is Control Testing?

02

Governance

  • Policy
  • Procedure
  • Guidelines
  • Standards

03

Change Management Business Process

  • Change Authorization
  • Change Approval
  • Risk Control Matrix (RCM) of Change Management
  • Critical/Emergency Changes and how to handle them
  • SoD – Segregation of Duties
  • Version Management/Source Code Management
  • What are Production, test and development environments? What is the difference?
  • UAT/System testing/Integrated testing
  • Post Implementation Review

04

Identity and Access Management Business Process

  • Provisioning Controls
  • De-Provisioning Controls
  • Privilege Controls testing
  • SoD – Segregation of Duties
  • Firefighter user accounts
  • SSO – Single sign-on
  • Password Management
  • Authentication vs Authorization
  • How does governance play a role?
  • Enterprise Management
  • Logical Access
  • Remote Access Management
  • Direct Database Access
  • SoD – Segregation of Duties
  • Access Recertified

05

Project Management

  • Unapproved Projects and the risks associated with them
  • Project Charter
  • SoW – Statement of Work
  • Ineffective Project Planning
  • Ineffective Project Monitoring
  • Project plans and the risks associated with them

06

Physical and Environmental Security

  • Site Facility design considerations
  • Perimeter Security
  • Internal Security
  • Facilities Security
  • Data Centre Security
  • Unmitigated Environmental Threats
  • Inappropriate Access
  • Inappropriate Environmental Controls
  • Access Recertification

07

IT Service Operations

  • ITSCM Objectives
  • BIA
  • IT Service Continuity Planning
  • Availability Monitored
  • Backup Management
  • Backup Integrity Verification
  • Offsite Storage
  • BCP and DR Plan
  • BCP Training
  • Batch jobs/job scheduler
  • Handling of failed jobs
  • Incident Management
  • Problem Management

08

ERP Applications General Security Settings

  • General Security Aspects
  • Objectives
  • CIA – Confidentiality, Integrity and Availability
  • General Security Threats
  • Network Security Breaches
  • Handling of Electronic Media
  • Security Requirements / Configurations
  • Malicious Code Monitored
  • Data Classification
  • Hard Copy Management
  • Patch Management

09

IT Service Delivery

  • Robust IT Service Delivery Model
  • Governance
  • Organization
  • Operational Process
  • Performance Management
  • Service Delivery Model Process
  • SLA – Service Level Agreements

Why Choose us?

Over 200 classes are scheduled conveniently every year, with small training groups and industry-experienced faculty that provide:

  • One-Stop shop for IT Training
  • Companywide IT Training Solutions
  • Interactive Teaching Methodology
  • Job Oriented Training Solutions
  • Flexible modes of training
  • Recorded sessions are available
  • Live Project Experience
