ITGC vs ITAC

Definition

control activities performed within the IT Organization or the technology that they support that can be applied to every system that the organization relies upon

Why is it important?

General control concepts can be applied regardless of industry, business line, or size and complexity
of the systems processing environment

Without effective General Computing Controls, reliance on IT systems may not be possible

Systems hardware and software applications support the critical business processes of almost every company

Objective of Application Controls

data is processed as intended

data stored is accurate and complete

data is accurate, complete, authorized and correct

access to data is limited based on business need

Definition

data generated or processed through an IT application, and/or end user computing solution

Types

Data that represents substantive audit evidence to support assertions for significant accounts

Other data provided by the entity

Data supporting the performance of internal controls, including key performance indicators

Categories of Application Control

Validations

Calculations

Edit checks

Interfaces

Authorizations