CISA· ISACA
Certified Information Systems Auditor (ISACA)
ISACA’s CISA targets IS audit. 5 domains, ITAF and COBIT, 2,300+ questions with AuditBot explanations.
Term DefinitionControls
IT General Controls (ITGC)
Foundational controls supporting the reliability of information systems.
ITGCs cover 4 domains: access management, change management, computer operations, and program development. They form the foundation of SOX compliance for financial systems. A weakness in ITGCs can invalidate all application-level controls that depend on them — a multiplier effect. ITGCs are tested first in a SOX audit because their failure has a cascading impact on the entire audit scope. The CISA certification covers ITGC auditing in depth.
📌 Key points
- 4 domains: access management, change management, IT operations, program development
- A failed ITGC invalidates dependent application controls — negative leverage effect
- Access management and segregation of duties are the most frequently deficient ITGCs
- Tested first in a SOX audit before application controls
- CISA certification covers ITGC auditing in depth
Related certifications
These certifications cover the concept of "IT General Controls (ITGC)" in depth.
🔗 Related concepts
ComplianceControlsControlsCertificationsFrameworks
SOX Compliance
Requirements of the Sarbanes-Oxley Act to prevent financial statement fraud.
Segregation of Duties (SoD)
A principle preventing one person from controlling all steps of a critical process.
Control Deficiency
A flaw in the design or operation of an internal control.
CISA Certification
Certified Information Systems Auditor — the global standard for IS audit and governance.
COBIT
An IT governance and management framework published by ISACA.
📖 Related articles
Master this concept and more
Start your GRC certification journey today.