IT General Controls (ITGCs) Review

IT environments have continued to increase in complexity, with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore investor confidence has placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of internal controls.

More and more market players need to embed an underlying risk analysis approach in their internal control assessment, design and implementation, with a focus on reliable and effective key application controls. While risk management in itself is moving to the top of the Board agenda due to high-profile business failures, heavy regulatory pressure is increasing compliance requirements, which need to be integrated into the company's internal control framework.

If this is your situation

  • You need to ensure that systems are developed, configured, and implemented to achieve management’s objectives
  • You need to ensure that changes to programs and related infrastructure components are requested, prioritised, performed, tested, and implemented in accordance with management’s objectives
  • You need to ensure that transactions are processed completely and accurately in accordance with management's objectives, and that processing problems are identified and resolved completely and accurately to maintain the integrity of financial data
  • You need to ensure that only authorised access is granted to programmes and data upon authentication of a user's identity

How PwC can help you

PwC can provide you with an overall evaluation of management controls and assurance on business process, system and data technology management. Our services enable you to gain comfort that your systems, processes and risk management procedures are operating effectively and within a well-controlled environment.

Our practice is backed by a global resource pool, focused tools, "standard industry practices" knowledge, training and technology.

The IT General Controls review service covers identification, evaluation and validation of controls, including reporting of weaknesses identified together with our recommendations, in the following areas:

Access to Programmes and Data

  • Policies and procedures
  • Roles and responsibilities
  • Security parameter settings of operating systems, applications and databases
  • User access rights
  • Monitoring & Training
  • Physical security
  • Network access

Control over Computer Operations

  • Organisation of IT function
  • Service Level Agreements
  • Business Continuity and Disaster Recovery Plans
  • Network Management
  • Backups and Recovery

Controls over Programme Development and Implementation of New Systems

  • Testing
  • Transfer to live
  • Documentation and Training

Controls over Programme Changes

  • Maintenance activities
  • Change Requests