Collect and Record Information Queries and Requests

Module 3, Lesson 8

3.8. Minimise Risks to the Information Technology Environment

Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss. The notion implies that the person exposed to the risk usually has some choice that influences the outcome. The potential losses themselves are also commonly called "risks". Any human endeavour carries some risk, but some are much riskier than others.

In business, information technology controls or IT controls are specific activities performed by persons or systems designed to ensure that business objectives are met and risks are minimised. They are a subset of an enterprise’s internal control. 

IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called “input-processing-output” controls. Information technology controls have been given increased prominence in corporations

COBIT (Control Objectives for Information and Related Technologies) is a widely used framework published by ISACA, originally through its IT Governance Institute, which defines a variety of ITGC and application control objectives together with recommended evaluation approaches. IT departments in organisations are often led by a Chief Information Officer (CIO), who is responsible for ensuring that effective information technology controls are in place and operating.

IT General Controls (ITGC)

ITGC are the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that their output is reliable.

ITGC usually includes the following types of controls:

  • Control environment – controls designed to shape the corporate culture.
  • Change management procedures – controls designed to ensure changes meet business requirements and are authorised.
  • Source code/document version control procedures – controls designed to protect the integrity of program code.
  • Software development life cycle standards – controls designed to ensure IT projects are effectively managed.
  • Logical access policies, standards, and processes – controls designed to manage access based on business needs.
  • Incident management policies and procedures – controls designed to address operational processing errors.
  • Problem management policies and procedures – controls designed to identify and address the root cause of incidents.
  • Technical support policies and procedures – policies to help users perform more efficiently and report problems.
  • Hardware/software configuration, installation, testing, management standards, policies and procedures.
  • Disaster recovery/backup and recovery procedures – controls to enable continued processing despite adverse conditions.
  • Physical security – controls to protect information technology from individuals and from environmental risks.

IT application controls 

IT application or program controls are fully automated (i.e., performed automatically by the systems) and designed to ensure the complete and accurate processing of data, from input through output. These controls vary based on the business purpose of the specific application. These controls may also help ensure the privacy and security of data transmitted between applications.

Categories of IT application controls may include:

  • Completeness checks – controls that ensure all records were processed from initiation to completion.
  • Validity checks – controls that ensure only valid data is input or processed.
  • Identification – controls that ensure all users are uniquely and irrefutably identified.
  • Authentication – controls that provide an authentication mechanism in the application system.
  • Authorisation – controls that ensure only approved business users have access to the application system.
  • Input controls – controls that ensure data integrity fed from upstream sources into the application system.
  • Forensic controls – controls that ensure data is mathematically and logically consistent, so that every output can be traced back to and reconciled with its inputs.
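As an added illustration (not part of the course material), the Python sketch below applies several of the application controls listed above to one constructed batch of payment records: a completeness check against the header's record count and control total, validity and input checks on each field, an authorisation check of the submitter against the cost centre, and a forensic reconciliation of accepted plus rejected amounts back to the control total. The batch layout, the authorisation table and the rejection reasons are assumptions made for this example.

```python
"""Added example: input-processing-output controls over a constructed payment batch."""
import re
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample batch (not real data). The first line is a header carrying the
# record count and a control total; each record is
# id|submitter|cost_centre|account|amount|posting_date
SAMPLE_BATCH = """\
H|4|1500.00
1|alice|CC10|12345678|500.00|2024-03-01
2|bob|CC20|87654321|250.00|2024-03-01
3|alice|CC20|ABC|750.00|2024-03-01
4|carol|CC10|11112222|0.00|2024-13-01
"""

# Hypothetical authorisation table: submitters and the cost centres they may post to.
AUTHORISED_COST_CENTRES = {"alice": {"CC10"}, "bob": {"CC20"}}
ACCOUNT_RE = re.compile(r"^\d{8}$")
TWO_PLACES = Decimal("0.01")


@dataclass
class BatchResult:
    complete: bool = False      # record count and control total matched the header
    reconciled: bool = False    # accepted + rejected amounts equal the control total
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)  # (record id, reason)


def parse_amount(text):
    """Return a Decimal with at most two decimal places, or None if not a money value."""
    try:
        value = Decimal(text)
        return value if value == value.quantize(TWO_PLACES) else None
    except InvalidOperation:
        return None


def record_amount(fields):
    """Amount a record contributes to control totals (0 if it cannot be parsed)."""
    if len(fields) != 6:
        return Decimal(0)
    return parse_amount(fields[4]) or Decimal(0)


def validate_record(fields):
    """Validity, input and authorisation controls for one record. None means accept."""
    if len(fields) != 6:
        return "wrong field count"
    _, submitter, cost_centre, account, amount_text, date_text = fields
    if not ACCOUNT_RE.match(account):
        return "account is not 8 digits"
    amount = parse_amount(amount_text)
    if amount is None or amount <= 0:
        return "amount is not a positive money value"
    try:
        date.fromisoformat(date_text)
    except ValueError:
        return "posting date is not a valid ISO date"
    if cost_centre not in AUTHORISED_COST_CENTRES.get(submitter, set()):
        return f"{submitter} is not authorised for {cost_centre}"
    return None


def process_batch(text):
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("H|"):
        raise ValueError("batch has no header record")
    header = lines[0].split("|")
    records = [line.split("|") for line in lines[1:]]
    expected_count, expected_total = int(header[1]), Decimal(header[2])
    result = BatchResult()

    # Completeness check: refuse the whole batch if the record count or the control
    # total disagrees with the header, so a truncated or altered file never reaches
    # record-level processing.
    received_total = sum(record_amount(r) for r in records)
    if len(records) != expected_count or received_total != expected_total:
        result.rejected.append(("batch", "record count or control total does not match header"))
        return result
    result.complete = True

    # Record-level validity, input and authorisation controls.
    accepted_total = rejected_total = Decimal(0)
    for fields in records:
        reason = validate_record(fields)
        if reason is None:
            result.accepted.append(fields)
            accepted_total += record_amount(fields)
        else:
            result.rejected.append((fields[0], reason))
            rejected_total += record_amount(fields)

    # Forensic control: every input amount ends up either accepted or rejected, so
    # the two totals together must reconcile to the header's control total.
    result.reconciled = accepted_total + rejected_total == expected_total
    return result


if __name__ == "__main__":
    outcome = process_batch(SAMPLE_BATCH)
    print("complete:", outcome.complete, "reconciled:", outcome.reconciled)
    print("accepted:", [f[0] for f in outcome.accepted])
    print("rejected:", outcome.rejected)
```

Two design points matter for an auditor reading the output: the completeness check runs before any record is touched, so a file that lost its tail in transfer is refused as a unit rather than partially posted, and rejected records still carry their amount into the reconciliation, which is what lets the output be traced back to the input.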