ITGC Interview Study Guide

Uploaded by

riasharmai060

ITGC (IT General Controls) Interview Study Guide

1. What are IT General Controls (ITGC)?

IT General Controls (ITGCs) are policies and procedures that relate to many applications and support the effective functioning of application controls by ensuring the continued proper operation of information systems. They help maintain the integrity, confidentiality, and availability of information systems. Examples include access controls, change management, IT operations, and program development controls. ITGCs support internal controls over financial reporting (ICFR) and are essential in audits, especially for SOX 404 compliance.

2. Domains of ITGC

There are four main domains of ITGC:

A. Access to Programs and Data:

- Ensures only authorized users have access to data.

- Controls include user provisioning, de-provisioning, periodic access reviews, and privileged access controls.

B. Change Management:

- Manages how changes are requested, approved, tested, and deployed.

- Controls include change request approval, testing evidence, rollback plans, and emergency change protocols.

C. IT Operations:

- Ensures IT processes like backups, monitoring, and job scheduling are performed effectively.

- Includes backup and restore processes, incident management, and capacity monitoring.

D. Program Development:

- Applies to the development and implementation of new systems or programs.

- Follows a System Development Life Cycle (SDLC) and includes controls for secure coding and testing.

3. ITGC and SOX 404


The Sarbanes-Oxley Act (SOX) section 404 requires public companies to implement internal controls over financial reporting. ITGCs play a significant role in ensuring the systems supporting financial transactions are reliable, secure, and auditable. Auditors assess ITGCs to determine whether financial reporting risks are adequately mitigated.

4. ITGC vs Application Controls

ITGCs are broad controls over the IT environment such as access, change management, and operations. Application controls are specific to individual software and ensure transactions are processed correctly.

Example: An ITGC ensures only authorized personnel access the ERP system; an application control ensures invoices cannot be processed without a valid purchase order.

5. Tools and Concepts to Know

- Active Directory (AD): Manages network resources and user access.

- JIRA/ServiceNow: Platforms for managing change requests and incidents.

- Veeam/Acronis: Backup software used to ensure data recovery.

- SAP/Oracle: ERP systems that are typically subject to ITGC.

- RBAC (Role-Based Access Control): Assigns access based on user roles.

- SoD (Segregation of Duties): Prevents conflicts of interest in processes.

6. Interview Questions - General Understanding

1. What are IT General Controls?

2. Why are ITGCs important for financial audits?

3. What is the difference between ITGC and application controls?

4. What does SOX 404 say about IT controls?

7. Interview Questions - Access Controls

5. What is user access provisioning and how is it controlled?

6. What is privileged access and how is it managed?


7. Why is Segregation of Duties important?

8. What would you check in a periodic access review?

8. Interview Questions - Change Management

9. How do you ensure a system change is properly tested and approved?

10. What is the role of a change management tool like JIRA?

11. What are emergency changes and how are they controlled?

12. Why is it important to document all changes?

9. Interview Questions - IT Operations

13. How do companies ensure that data is backed up and recoverable?

14. What is the purpose of a disaster recovery plan?

15. What kind of logs or evidence would you check for a batch job?

10. Interview Questions - Program Development

16. What is SDLC and why is it important?

17. Why should developers not have access to the production environment?

18. How can you ensure software changes are secure?

11. Interview Questions - Audit Process

19. How do you test access controls during an audit?

20. What documents or evidence would you collect during an ITGC audit?
