Business reliance on information technology and the associated risks are restructuring how auditors audit and what auditors assess.

The Sarbanes-Oxley Act’s Section 404 (SOX 404) requires public companies, and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting. The reliability of financial reporting is heavily dependent on a well-controlled IT environment.

Today, every auditor must have a good comprehension of information technology basics and the vulnerabilities, threats and risks that face organizations each day to effectively plan and execute any audit engagement.

ITGC, a type of internal control, are a collection of policies that assure the proper application of control systems throughout a company. ITGC audit assist a company in ensuring that ITGC controls are in place and working effectively, enabling proper risk management within the organization.

In this course, we explore the Key Information Technology General Controls (ITGC Controls) areas that must be addressed to ensure the confidentiality, integrity and availability of data and information assets, as well as the reliability of financial reporting.

The categories of ITGC controls, including systems development, change management, programs and data security, as well as how to audit the general controls (GC), will be covered in this course. We will also talk about prevalent challenges and flaws found in ITGC audit.

Course Key Concepts: ITGC, IT Controls, Information Technology General Controls, SOX 404, IT Audit, ICFR, Internal Control over Financial Reporting, Data Confidentiality, Data Integrity, Data Availability.

Learning Objectives
  • Identify and describe the key controls over Access to Programs and Data.
  • Understand the techniques for auditing key ITGC controls.
  • Explore the main Physical Access and Environmental controls over critical IT Infrastructure.
  • Recognize the important Change Management controls.
Last updated/reviewed: August 12, 2023
12 Reviews (35 ratings)


Member's Profile
This was a great introduction to ITGC controls, and an excellent presentation under each key area. I now feel I have some general knowledge to apply to general controls. I really appreciate having the additional materials provided by the instructor.

Anonymous Author
This is a great course that manages to cover a lot of ground in a short period of time. I especially appreciated the detail given to physical/environmental controls.

Anonymous Author
I learned a lot from this course. The instructor was effective in the way he presented the course materials. I will definitely take another course on ITGCs.

Anonymous Author
This video had some technical issues, it would not play continuously, this was not the case for videos played before this one or after this one.

Anonymous Author
Very detailed and clear. Enjoyed this course. The slide attachments are very useful and helpful to save for future use!

Member's Profile
Great introduction to ITGC auditing. Like the control type split. Good knowledge of DC operating and controls.

Member's Profile
This course covered ITGC auditing in more detail than I've seen in similar courses. Very valuable content!!

Anonymous Author
Content was good, but would be more helpful if instructors weren't just reading from the slides.

Member's Profile
I enjoyed how the instructor leveraged his experience to teach the audience what is important.

Member's Profile
A good course on ITGC. It has helped me refresh and reinforce my understanding of the topic

Anonymous Author
Excellent course and resources for auditing IT General Controls.

Anonymous Author
This was a great and informative course on auditing ITGc’s.

Course Complexity: Foundational

No advanced preparation or prerequisites are required for this course.
Additional takeaways from this course will include templates to help develop:
Preliminary ITGC controls assessment questionnaire – to assist in audit planning, scoping and risk assessment.
Key ITGC audit program – to guide the testing of the design and effectiveness of the ITGCs.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
  An Overview to Auditing the Key Information Technology General Controls (ITGC)2:10
  What Are ITGC?7:40
  ITGC Key Areas of Focus9:22
  Key Control Areas-Part 17:04
  Environmental Control Consideration10:10
  Power Protection9:27
  Key Control Areas-Part 214:40
  Key Control Areas-Part 38:37
  Key Control Areas-Part 413:34
  Auditing the Key Information Technology General Controls (ITGC)1:22:44
  Slide: Auditing the Key Information Technology General Controls (ITGC)PDF
  Auditing the Key Information Technology General Controls (ITGC) Glossary/ IndexPDF
  Key IT General Controls Audit ProgramPDF
  Preliminary ITGC Controls Assessment QuestionnairePDF