Information Technology General Controls (ITGCs) and Automated Application Controls

This session provides a deep glimpse into IT general and application controls using a variety of frameworks, including COSO’s Internal Control – Integrated Framework and ISACA’s Control Objectives for Information and Related Technologies (COBIT framework).  While much of the focus will be on access, cybersecurity and change management risks, we will also tackle a wider range of ITGCs, such as IT governance and disaster recovery.  Topics include:

• A review of framework options, including those geared towards cybersecurity
• Defining an effective cybersecurity risk management strategy
• Outsource service provider considerations, including SOC reports
• AICPA’s guidance on cybersecurity
• Regulatory practice alerts, both for industry and those in public accounting
• Strategies for mitigating IT risks
• IT governance
• Disaster recovery
• Handoffs from technology to people
• Designing effective internal controls over technology risks
• Testing IT controls
• Defining roles and responsibilities
• Protecting sensitive information
• Managing big-data
• Reporting to the board of directors