IT Examiner School, Seaside, CA

Types of IT Audits

• Internal Audits/ Certifications • IT General Controls • Penetration Tests

• Vulnerability Assessments • Statement on Standards for Attestation Engagements (SSAE-18)

IT General Controls (ITGC)

The most common ITGCs: • Logical access controls over infrastructure, applications, and data • System development life cycle controls • Program change management controls • Data center physical controls • System and data back-up and recovery controls • Computer operation controls

ITGCs should be performed annually