Audit and financial control




               4.2  The protection of IT systems and software within business

                            Computer controls fall into two categories: general controls and
                            application controls.




                             General controls

                             These are policies and procedures that relate to many applications
                             and support the effective function of application controls by helping
                             to ensure the continued proper operation of information systems.


               Examples of general controls include:


                    Physical controls – to avoid unauthorized access to computer equipment,
                     such as security personnel, door locks and card entry systems.


                    Hardware and software configuration – to ensure that any new IT is tested
                     and installed correctly to minimise the risk of errors or damage to the
                     system.

                    Logical access – to prevent unauthorised access to the organisation’s
                     information systems.  These could include password systems.

                    Disaster recovery – to ensure the organisation will be able to continue
                     operating despite adverse conditions.

                    Output controls – to ensure the outputs from the system are both complete
                     and secure.

                    Technical support – it is important that all the users of the IT systems are
                     competent.  Training policies and technical support for workers can be a
                     valuable control.


























                                                                                                      245