Mukhya Consulting Private Limited

Services

ITGC/ITAC Audit

Today, the success of a business largely depends on its ability to adopt the newest and the most sophisticated technologies.

From startups and SMEs to large enterprises, businesses of all types and sizes are joining the automation bandwagon to enhance the efficiency in their processes and operations.

This has led to an increasing complexity in IT setups across industries, resulting in stricter regulations and government mandates around controls in the IT environment. It demands effective operation of controls, fool-proof compliance, and accurate reporting of their IT assets and services.

Mukhya’s IT audit services focuses on the full spectrum of IT general controls (ITGC) and IT application controls (ITAC), which are the basic controls applied to applications, databases, operating systems, and the supporting IT infrastructure within an organization as well as the third-party assets such as the cloud.

The most common ITGCs are activities within a company that are put in place to mitigate the risks that could derail a company, hurt its interests, and hinder it form achieving its business objectives. These include:

Logical access controls over applications, data and supporting infrastructure.
Computer operation controls.
Backup and recovery controls.
Program change management controls.
System development life cycle controls.
Data center physical security controls.

At Mukhya, our dedicated IT audit professionals have the insights and working knowledge it takes to provide your business with a comprehensive ITGC coverage to effectively prevent and protect it against ITGC risks within your IT environment. We maintain the top auditing standards while:

Planning, designing, and performing the audit tailored to your organization
Management of the key IT areas
Management of business and governance processes
Ensuring processes, practices, and results remain in compliance with regulations

FAQ

What are the main objectives of an IT audit?

The prime objectives of an IT audit are to:

Assess the processes and systems that deal with company data Evaluate the risks to the information assets of an organization and help identify ways to address them.
Ensure that an organization’s information management processes are in full compliance with IT-specific laws, policies, and standards.
Recognize inadequacies in IT systems and associated management.

What are the general controls in auditing?

The basic controls that apply to IT systems such as operating systems, databases, applications, and supporting IT infrastructure are called IT general controls (ITGC). ITGCs are mainly aimed at ensuring the integrity of the data and processes supported by the systems. The most common ITGCs are:

Logical access controls over data, applications, and supporting infrastructure
Backup and recovery controls
Program change management controls
Data centre physical security controls
Computer operation controls
System development life cycle controls

What is meant by control risk in an audit?

Control risk is referred to as the risk of failure by the internal control in preventing or detecting incorrect information in the financial statements. Control risk comes as the 2nd most critical among the three types of audit risk because typically its role is to minimize the chances of error or fraud inherited from the business and its environment.

How do you assess control risk in an audit?

The responsibility for financial statements lies with the management of an organization. The internal controls put in place by the organization are meant to produce accurate and effective reporting.
Let’s look at some instances of control activities and the specific procedures that should be there in an ideal control environment:

Division of duties: This applies to proper segregation of responsibilities authorization, custody, and recordkeeping. Simply put, the one who requests an order of IT systems should not be the same person to authorize the request.
Proper documents and records: All the source documents like purchase orders, customer invoices, and paid invoices must be maintained in a proper filing system.
Physical control of assets and records: This involves ensuring safe and secure locations for the assets, related furniture, and equipment and having a backup of records if they are misplaced or lost in a calamity.