IT General Controls
ITGC’s are controls that apply to all information assets for a given organization or IT environment. They are a critical part of running an organization. As soon as a real life incident affects your organization, and it will, well implemented ITGC practices make all the difference between success and failure.
What it means for your organisation
ITGC help organizations grow safer, and with less risk, allowing employees to focus on key business objectives. ITGC are usually tested as part of financial statement audits and regulatory reviews. This underlines the need to establish good practices early on.
Understanding the IT environment
- Map business processes to information assets to understand priorities and dependencies. This helps to respond to audit requests with confidence.
Implement IT controls
- Define the IT general controls applicable to business-critical information assets, and then implement organisational, process, and technical measures.
Pass formal ITGC audit
- ITGC audits are performed by CPA firms, and are usually intense processes. Auditors interview many employees and seek high quality evidence.
Pass ITGC audits effortlessly with Tidal Control
Tidal ITGC content
- Predefined library with ITGC controls, enriched with labels and guidance. ITGC can be used for SOx and EBA ICT Operations oversight.
Business criticality
- Map business processes and information assets to controls to build a comprehensive and risk-based view of your environment.
Audit reporting
- Present the results to your external auditor and allow them to verify the origin and path followed by evidence and test results.
Policy management
- Implement and manage policies linked to the ITGC, and automate the periodic review and approval process.
Automated evidence collection
- Collect data from your IT assets automatically and attach it to the right audit activity.
Test once, use many
- ITGC controls in Tidal are mapped to many existing frameworks, allowing you to reuse their results for ISO, GDPR and SOC2 audits.