Information technology general controls are very important in the overall control universe. This is beacuse, these controls are pervasive in nature. Infact, information technology general controls ITGC have a direct impact on the operating effectiveness of the automated application controls. But Sarbanes Oxley teams should note that automated application controls testing is not the same as ITGC testing. Just because automated controls are being tested, ITGCs cannot be ignored.

The initial scoping for the information technology general controls, should stress on key ITGCs rather than every general computer control. Examples of key ITGC would include controls over program development, controls over network, domain, management etc. Walkthroughs can be used in gaining an understanding of the ITGCs important to the control environment. Though ITGC and application controls testing are different, ITGC and automated controls go hand in hand. If automated controls are tested and are operating effectively over the entire period of SOX audit, then these need not been tested again every year, if they are supported by strong ITGC general computer controls. This apporach is nothing but the "benchmarking approach" mentioned by PCAOB in its standard. MAny companies are reaping the benefits of the benchmarking approach by concentrating on trying to achieve a strong ITGC environment.

Related Posts

Total Cost of Internal Controls
Evaluating Disclosure Controls & Procedures
Cost Benefit Analysis Before Implementing Controls
IT Governance for Sarbanes Oxley