IT Controls form an important part of internal controls over financial reporting. Any organization these days runs on some sort of application, software or ERP. There is normally a misconception that controls relating to such applications do not form part of internal controls over financial reporting. The truth is controls relating to applications, systems , ERPs etc very much form part of the scope of internal control over financial reporting and therefore need to be evaluated by the management. Considering IT risks such as inaccurate data processing, unauthorized access to systems, unauthorized changes to applicationsunauthorized changes to data, loss of data etc, IT controls become all the more important. Broadly, IT controls either are evaluated at the user level or at the infrastructure / entity level. IT controls in turn covers controls relating to a wide variety of areas. Some of the categories are:

IT General Controls - These include program management, system change, access and authorization controls for programs and data, computer operations, program development, change management etc.

Application and Process Controls - These relate to authorizations, configurations, exception reports, system access related controls, interface controls, output and input controls.

Related Posts on Sarbanes Oxley...............

> Sarbanes Oxley Year Two Compliance , > SOX Learnings from Fortune 500 Companies , > Planning a SOX Implementation Project , > Types of Corporate Fraud