MEST Journal ISSN 2334-7058 (Online) DOI 10.12709/issn.2334-7058

IT General Controls (ITGC) audits are vital for organizations that rely on information technology, as they offer independent assurance regarding the effectiveness of internal controls, governance, and risk management. This process enables management to understand the strengths and weaknesses of their IT controls and receive practical recommendations for improvement. Using best practice frameworks from IIA and ISACA, ITGC audits align with industry standards, helping organizations meet legal and regulatory requirements while supporting secure and efficient IT operations. Competent auditors, equipped with formal education, experience, and certifications like CISA, CISM, CRISC, and CISSP play a critical role in these audits. They ensure that IT systems and processes comply with governance criteria, protect data integrity, confidentiality, and availability, and align IT operations with organizational objectives. Through ITGC audits, auditors can identify risks in areas such as change management, logical access, business continuity, and physical security, helping organizations enhance their IT maturity and resilience.

IIA. (2012). Global Technology Audit Guide (GTAG) 1 Information Technology Risk and Controls, 2nd Edition

IIA. (2015). Lifelong learning for internal auditors

IIA. (2022). Fundamentals of IT Audit for Operational Auditors

ISACA. (2007). COBIT 4.1: Framework for IT Governance and Control

ISACA. (2019). COBIT 2019 Framework: Governance and Management Objectives

ISACA. (2020). IT Audit Framework (ITAF): A Professional Practices Framework for IT Audit, 4th Edition

ISACA. (2022). IT Audit Fundamentals Study Guide

ISACA. (2024). CISA Review Manual

TechTarget. (n.d.). Six ITGC audit controls to improve business continuity. Retrieved December 10, 2024, from https://www.techtarget.com/searchdisasterrecovery/tip/Six-ITGC-audit-controls-to-improve-business-continuity