Please enable JavaScript.
Coggle requires JavaScript to display documents.
IT General Control (ITGC) (Control Type (Preventive (prevent occurrence)…
IT General Control
(ITGC)
Control Type
Preventive
(prevent occurrence)
e.g. password setting
Detective
(catch issue)
e.g. monitoring
Corrective
(prevent repeat)
Control Library
(tool)
Risk & Control Matrix
(RCM)
Risk Level, etc.
3 Domains
Access Control
1A. Logical Access
Access approval workflow
password setting/policy
Admin/Privilege access
Segregation of duty #
Monitoring process
System config setting /
hardening
1B. Physical Access
Restrict HW access
Change Mgt
System SDLC
Emergency change
Version upgrade
Patching
Enhancements
Changes must be
Authorized
Tested
Segregation of duty #
Change approved for migration to PROD
Config change
IT Operations
Monitor job scheduling
backup & Recovery
Restoration
Deviation identified &
resolved