IT General Controls

ITGC’s are controls that apply to all information assets for a given organization or IT environment. They are a critical part of running an organization. As soon as a real life incident affects your organization, and it will, well implemented ITGC practices make all the difference between success and failure.

What it means for your organisation

ITGC help organizations grow safer, and with less risk, allowing employees to focus on key business objectives. ITGC are usually tested as part of financial statement audits and regulatory reviews. This underlines the need to establish good practices early on.

Understanding the IT environment

Map business processes to information assets to understand priorities and dependencies. This helps to respond to audit requests with confidence.

Implement IT controls

Define the IT general controls applicable to business-critical information assets, and then implement organisational, process, and technical measures.

Pass formal ITGC audit

ITGC audits are performed by CPA firms, and are usually intense processes. Auditors interview many employees and seek high quality evidence.
Tidal Framework image

Pass ITGC audits effortlessly with Tidal Control

Tidal ITGC content

Predefined library with ITGC controls, enriched with labels and guidance. ITGC can be used for SOx and EBA ICT Operations oversight.

Business criticality

Map business processes and information assets to controls to build a comprehensive and risk-based view of your environment.

Audit reporting

Present the results to your external auditor and allow them to verify the origin and path followed by evidence and test results.

Policy management

Implement and manage policies linked to the ITGC, and automate the periodic review and approval process.

Automated evidence collection

Collect data from your IT assets automatically and attach it to the right audit activity.

Test once, use many

ITGC controls in Tidal are mapped to many existing frameworks, allowing you to reuse their results for ISO, GDPR and SOC2 audits.