Abstract
The IT general controls assessment performed by internal audit is the best way to get an objective and comprehensive analysis of the controls in place to manage technology risks and the overall risks to the enterprise related to its use and management of technology. The assessment covers many specialized technical areas, management of the technical IT areas, the use of technology to operate and manage business and governance processes, and ensuring processes, practices, and results remain in compliance with requirements. The example audit program referenced in this article provides a starting point for planning, designing, and performing the audit customized to your organization. The article also sends you to the many references and sources of guidance you will need to perform the work. So get going!