Internal controls - ITGC basics Exorcise 1 - Identliy the ITCC process that addresses the ITCC process risk Complete the following table, indicating which ITCC process (manage change process, manage access process or manage IT operations process) will address the stated risk, using the example underlying cause provided.

Internal controls ITGCs Part 2: ITGC basics Exercise 3 - Discussion questions Discuss the following questions as a small team. Identify one team member to document the team responses and be prepared to share with the class as a whole.

For each identified ITGC riak, Indicate if the risk is an access, change or operations risk and which ITGCs would mitigate the risk. \begin{tabular}{|l|l|l|} \hline \multicolumn{1}{|c|}{ IIGC risk } & Type of risk (access, change, operations) & IIGC to mitigate the risk \\ \hline Personnel with access beyond what is necessary & & \\ \hline ...

ITGC process risk. ITGCs . 1. Reliance on systems or programs that are inaccurately processing data, processing inaccurate data or both. (Example underlying cause: new IT application programs, or changes to existing programs, do not function as described or requested because they were not adequately tested.) 2.

Question: Complete the following table, indicating which ITGC process (manage change process, manage access process or manage IT operations process) will address the stated risk, using the example undertying cause provided.For each risk, use the list on the following page to identify the ITGCs (by letter) that would address the ITGC process risk, using the example

Question: Identify at least two ITGCs to mitigate risks associated with the ITGC categories in the ITGC column. Use the same controls for each of the following categories:Access to an applicationSoftware change managementOperations (backups, logging, version control)

Question: IT general controls (ITGC) are controls that apply to all systems components, processes, and data for a given organization or information technology (IT) environment. Which one of the following is NOT an ITGC? A. Program change management controls B. Data center physical security controls. C. Ensure valid data is input in the system D.

a An ITGC deficiency is always the results of a broken IT-Dependent control. b An ITGC is irrelevant in financial statements. c ITGC deficiencies must be corrected before testing of controls in the audit plan. d An ITGC deficiency does not directly affect financial statements

Question: Internal controls ITGCs Part 3: Evaluating ITCCs 1. Determine if the ITCC listed is a preventive or a detective and corrective control. 2. For each identified ITGC risk, indicate if the risk is an access, change or operations risk and which ITCCs would mitigate the risk.

(LO 1) Understanding client controls Parsons & Co, LLC, an audit firm, has audited Cascade Motors, a manufacturer of auto parts, for the last two years. Dereck Miller, a first-year auditor, has noted that the IT auditor has evaluated IT general controls (ITGC) as strong. Dereck notes that because ITGC's are strong, controls over program changes are