IT Application Controls
IT Application Controls are performed automatically by systems ensuring accurate data entry, processing, and system output.
Programmed controls
Fixed Assets
Depreciation calculation
Tolerance limits
IT General Controls
Figure 11-2: Relationship between IT General Controls and Application Controls
[Figure labels: Typical business processes; More application controls]
justification
An IT manager or management in the business area requesting the program change approves changes prior to development
Application programmers should make changes in the development environment
Once work is completed, programmers (e.g., SAP Basis) move changed programs into the testing area for users or IT staff to test
IT and/or management of the business area perform an impact analysis prior to moving the change to production
The change moved to production is scheduled, and users impacted by the change are notified
After testing and sign-off of quality assurance are complete, an IT staff member not involved in the change moves the change to production
Programmers should not have direct access to the production instance and should not make changes directly into production
2010 by Marianne Bradford. All rights reserved
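One way to test change records against the change-control steps above, as an added example that is not part of the original slides. The record fields, user names and the production-access list are constructed assumptions standing in for whatever the change-tracking system exports.

```python
from datetime import datetime

# Constructed sample change records; every field name here is hypothetical.
CHANGES = [
    {"id": "CHG-1", "approved": "2024-03-01", "dev_started": "2024-03-04",
     "built_in": "dev", "developer": "alice", "tester": "carol",
     "qa_signoff": True, "impact_analysis": True, "users_notified": True,
     "moved_to_prod_by": "dave"},
    {"id": "CHG-2", "approved": "2024-03-10", "dev_started": "2024-03-08",
     "built_in": "dev", "developer": "bob", "tester": "carol",
     "qa_signoff": True, "impact_analysis": True, "users_notified": True,
     "moved_to_prod_by": "bob"},
    {"id": "CHG-3", "approved": None, "dev_started": "2024-03-12",
     "built_in": "prod", "developer": "erin", "tester": None,
     "qa_signoff": False, "impact_analysis": False, "users_notified": False,
     "moved_to_prod_by": "erin"},
]
# Constructed list of accounts that can change the production instance.
PROD_ACCESS = {"dave", "erin"}

def _day(s):
    return datetime.strptime(s, "%Y-%m-%d")

def audit_change(c, prod_access=PROD_ACCESS):
    """Return the control exceptions found in one change record."""
    findings = []
    # Approval must exist and must predate the start of development.
    if not c["approved"] or _day(c["approved"]) > _day(c["dev_started"]):
        findings.append("no approval prior to development")
    if c["built_in"] != "dev":
        findings.append("change not made in development environment")
    if not c["tester"] or not c["qa_signoff"]:
        findings.append("testing or QA sign-off incomplete")
    if not c["impact_analysis"]:
        findings.append("no impact analysis before production")
    if not c["users_notified"]:
        findings.append("impacted users not notified")
    # Segregation of duties: the mover must not be the change's developer.
    if c["moved_to_prod_by"] == c["developer"]:
        findings.append("change moved to production by its own developer")
    if c["developer"] in prod_access:
        findings.append("programmer has direct production access")
    return findings

def audit_all(changes=CHANGES):
    """Map change id to its exceptions, omitting clean changes."""
    return {c["id"]: f for c in changes if (f := audit_change(c))}
```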
maintenance, backup)
Poor physical security over the data center
COBIT
Control Objectives for Information and related Technology (COBIT) is a governance framework and supporting toolset that provides best practices management guidelines for implementing IT governance as required by audits and SOX Section 404
COBIT is developed by ISACA and ITGI