|
In business and accounting, information technology controls (or IT controls) are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework (Control Objectives for Information Technology) is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a Chief Information Officer (CIO), who is responsible for ensuring effective information technology controls are utilized. ==IT General Controls (ITGC)== ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable. ITGC usually include the following types of controls: : * Control environment, or those controls designed to shape the corporate culture or "tone at the top." : *Change management procedures - controls designed to ensure changes meet business requirements and are authorized. : *Source code/document version control procedures - controls designed to protect the integrity of program code : *Software development life cycle standards - controls designed to ensure IT projects are effectively managed. : *Logical access policies, standards and processes - controls designed to manage access based on business need. : *Incident management policies and procedures - controls designed to address operational processing errors. : *Problem management policies and procedures - controls designed to identify and address the root cause of incidents. : *Technical support policies and procedures - policies to help users perform more efficiently and report problems. : *Hardware/software configuration, installation, testing, management standards, policies and procedures. : *Disaster recovery/backup and recovery procedures, to enable continued processing despite adverse conditions. : *Physical security - controls to ensure the physical security of information technology from individuals and from environmental risks. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Information technology controls」の詳細全文を読む スポンサード リンク
|