IT environments continue to increase in complexity with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore the investor confidence placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of internal controls. The IT General Controls capability covers identification, evaluation and validation of controls, including reporting of areas for improvement identified together with our recommendations, in the following areas:
Access to Programmes and Data
Policies and procedures
Roles and responsibilities
Security parameter settings of operating systems, applications ...