IT Examiner School, Providence, RI
Risk Management
Implement appropriate policies, procedures, standards, and controls.
Conduct employee training, including Executives Management and the Board
Testing of key controls
Properly Dispose of Confidential Information (data destruction)
IT General Controls
The most common ITGCs: • Logical access controls over infrastructure, applications, and data
• System development life cycle controls • Program change management controls • Data center physical controls • Place of business physical controls • System and data back-up and recovery controls • Computer operation controls
ITGC audits should be performed annually
Made with FlippingBook Annual report