IT Examiner School, Providence, RI

Risk Management

 Implement appropriate policies, procedures, standards, and controls.

 Conduct employee training, including Executives Management and the Board

 Testing of key controls

 Properly Dispose of Confidential Information (data destruction)

IT General Controls

The most common ITGCs: • Logical access controls over infrastructure, applications, and data

• System development life cycle controls • Program change management controls • Data center physical controls • Place of business physical controls • System and data back-up and recovery controls • Computer operation controls

ITGC audits should be performed annually