NOTE: This course is updated in January 2025.

Business reliance on information technology and the associated risks are restructuring how auditors audit and what auditors assess.

Section 404 of the Sarbanes-Oxley (SOX) Act, requires public companies, and their auditors to annually assess and report on the design and effectiveness of internal control over financial reporting. The reliability of financial reporting is heavily dependent on a well-controlled IT environment.

Today, every auditor must have a good comprehension of information technology basics and the vulnerabilities, threats and risks that face organizations each day to effectively plan and execute any audit engagement.

In this course, we explore the Key Information Technology General Controls areas that must be addressed to ensure the confidentiality, integrity and availability of data and information assets, as well as the reliability of financial reporting.

Course Key Concepts: ITGC, IT Controls, Information Technology General Controls, SOX 404, IT Audit, ICFR, Internal Control over Financial Reporting, Data Confidentiality, Data Integrity, Data Availability.

Learning Objectives
  • Identify and describe the key controls over Access to Programs and Data.
  • Explore the main Physical Access and Environmental controls over critical IT Infrastructure.
  • Recognize the important Change Management controls.
Last updated/reviewed: January 30, 2025
15 Reviews (63 ratings)

Reviews

5
Member's Profile
This was a great introduction to ITGC controls, and an excellent presentation under each key area. I now feel I have some general knowledge to apply to general controls. I really appreciate having the additional materials provided by the instructor.

5
Anonymous Author
This is a great course that manages to cover a lot of ground in a short period of time. I especially appreciated the detail given to physical/environmental controls.

5
Anonymous Author
I learned a lot from this course. The instructor was effective in the way he presented the course materials. I will definitely take another course on ITGCs.

3
Anonymous Author
This video had some technical issues, it would not play continuously, this was not the case for videos played before this one or after this one.

3
Anonymous Author
Pretty boring and difficult to follow as it is hard to pay attention as tone of voice and he seems to be reading all time

5
Anonymous Author
Very detailed and clear. Enjoyed this course. The slide attachments are very useful and helpful to save for future use!

5
Member's Profile
Great introduction to ITGC auditing. Like the control type split. Good knowledge of DC operating and controls.

5
Member's Profile
This course covered ITGC auditing in more detail than I've seen in similar courses. Very valuable content!!

3
Anonymous Author
Content was good, but would be more helpful if instructors weren't just reading from the slides.

5
Member's Profile
I enjoyed how the instructor leveraged his experience to teach the audience what is important.

5
Member's Profile
A good course on ITGC. It has helped me refresh and reinforce my understanding of the topic

5
Anonymous Author
The program provided an overview of information technology general computer controls.

5
Anonymous Author
Great course. Would take again. Really great refresher on ITGC testing

5
Anonymous Author
Excellent course and resources for auditing IT General Controls.

5
Anonymous Author
This was a great and informative course on auditing ITGc’s.

Prerequisites
Course Complexity: Foundational

No advanced preparation or prerequisites are required for this course.
Additional takeaways from this course will include templates to help develop:
- Basic Data Center controls assessment questionnaire – to assist in audit planning, scoping and risk assessment
- Basic ITGC audit program – to guide the testing of the design and effectiveness of the ITGCs.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
  An Overview to Auditing the Key Information Technology General Controls (ITGC)2:30
  Introduction to IT General Controls2:50
  Overview of Relevant Control Frameworks9:12
  Defining the ITGC and The Types of Controls6:08
  The Importance of Performing General Audits7:54
  Four Key Areas- Data Center Physical and Environmental Controls7:20
  Environmental Control Consideration10:34
  Power Protection10:06
  Key Area - Identity and Access Management Control14:30
  Key Area - Change Management Control10:40
  Key Area - Data Center Operations Control7:18
  ITGC Audit Common Deficiencies6:54
  Conclusion2:24
CONTINUOUS PLAY
  Auditing the Key Information Technology General Controls (ITGC)1:38:18
SUPPORTING MATERIAL
  Slide: Auditing the Key Information Technology General Controls (ITGC)PDF
  Auditing the Key Information Technology General Controls (ITGC) Glossary/ IndexPDF
Additional Resources
  Basic ITGC Audit ProgramPDF
  Data Center QuestionnairePDF
REVIEW AND TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam