SOX ITGC Testing (Sarbanes-Oxley Information Technology General Controls Testing)
IT environments have continued to increase in complexity, with ever greater reliance on the information provided by IT systems and processes. This led to the compliance mandate to ensure the integrity of information and data used in financial reporting. Section 404 of the SOX Act of 2002 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. The ITGC audit of the applications and infrastructure crucial to financial reporting ensures compliance with SOX efforts and auditing requirements.
Frameworks
Guidelines and standards for conducting an ITGC audit are typically adopted from publicly renowned frameworks such as COSO, COBIT, NIST SP 800-34 and ITIL. These frameworks are widely used to implement general security controls over an organization's IT infrastructure. They lay down guidelines to ensure the establishment, implementation and continuous monitoring of industry-set best practices, as well as the requirements of prevalent regulations.