The six ITGC audit controls include physical and environmental security, logical security, change management, backup and recovery, incident management and information security.
General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over the systems implementation process, and administrative controls.
An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations.
A feedback control system consists of five basic components: (1) input, (2) process being controlled, (3) output, (4) sensing elements, and (5) controller and actuating devices.
The six principles of control activities are: 1) Establishment of responsibility, 2) Segregation of duties, 3) Documentation procedures, 4) Physical controls, 5) Independent internal verification, 6) Human resource controls.
Control activities – Control activities are the policies and procedures that help ensure management directives are carried out. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
At a minimum, an entity should consider how its internal controls program will: 1) assess activity and process-level risk, 2) design and implement internal controls, 3) monitor whether controls are operating as designed, and 4) evaluate control efficacy.
General controls facilitate the proper operation of information systems by creating the environment for proper operation of application controls. General controls include security management, logical and physical access, configuration management, segregation of duties, and contingency planning.
An information system refers to the various information technology systems, such as computers, software, databases, communication systems, the internet, devices, and others, used by an organization to collect, transfer, organize, and store data.
The seven main categories of access control are directive, deterrent, compensating, detective, corrective, and recovery.
What are the seven major classes of access control? The directive, deterrent, preventative, detective, corrective, compensating, and recovery.
NIOSH defines five rungs of the Hierarchy of Controls: elimination, substitution, engineering controls, administrative controls and personal protective equipment. The hierarchy is arranged beginning with the most effective controls and proceeds to the least effective.
Answer and Explanation: The correct answer is B. Maintaining security by having one person track and record assets. Maintaining security by having one person track and record assets is not a principle of internal control.
The steps in the control systems process are (1) set objectives and standards, (2) measure performance, (3) compare performance to standards, and (4) correct or reinforce, with a feedback loop for continuous improvement.
Information Technology General Controls (ITGCs) dictate how technology is used in an organization. ITGCs help prevent breaches, data theft, and operational disruptions. ITGCs influence everything from user account creation, to password management, to application development.
IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls.
three basic categories — Engineering controls, Administrative controls, and Physical controls.