IT General Controls (ITGCs) are the foundational controls that ensure the reliability, integrity and security of the IT environment underpinning an organisation's automated business processes. They typically cover four domains: logical access controls (user authentication and authorisation), change management (controlled modifications to applications and systems), computer operations (job scheduling, backup and monitoring) and program development (secure software development lifecycle practices).
ITGCs are critical because they provide the assurance that application-level controls and automated processes can be trusted. If ITGCs are weak—for example, if anyone can modify production code without approval—then no application-level control can be considered reliable. They are a core audit focus area for SOC 1, SOC 2 and financial audit engagements, and are closely aligned with ISO 27001 Annex A controls, making them a fundamental building block of any comprehensive compliance programme.