IT Examiner School, Providence, RI

Types of IT Audits

Internal Audits/ Certifications

IT General Controls

Penetration Tests

Vulnerability Assessments

Statement on Standards for Attestation  Engagements (SSAE‐16/18)

IT General Controls (ITGC)

• Logical access controls over  infrastructure, applications, and data • System development life cycle controls • Program change management controls • Data center physical controls • System and data back‐up and recovery  controls • Computer operation controls

ITGC:

ITGCs should be performed annually