IT General Controls Audit

General controls address the overall operation and activities of the IT department in an organization. Hence, different organizations have different 'General Controls', depending on the nature of the work the organization carries out. This is why Sumeru adopts a client-specific methodology for conducting the IT General Controls Audit.

Based on their requirements, the customer may choose any one or all of the following areas:

IT Management (review of the strategic and "long-range" (2-3 years, at most) plans for a company's Information Technology area.)

Logical Security (review of IT risks and internal controls)

System Development Life Cycle (SDLC) methodology (review of procedures that are followed while moving applications from the "test" computer system to the "production" computer system.)

Backup and Off-site Rotation (review of the ability of the company to provide for periodic backup of all information systems or just those considered vital.)

Disaster Recovery Planning (DRP) (review of the ability of the company to re-establish their computer data and systems in the event of a catastrophe.)

Physical Security (review of the physical access controls and environmental controls of computer hardware facilities.)

Operations and Production Control (a review that is usually only done as part of IT audits of "mainframe" (like IBM OS/390) computer centers.)

In addition to these, we also carry out a comprehensive data centre audit and application control audit as part of the IT General Controls Audit, depending on the client's requirement.