Definitions Edit

Financial Edit

General controls are

[c]ontrols, other than application controls, that relate to the environment within which application systems are developed, maintained, and operated, and that are therefore applicable to all the applications at an institution. The objectives of general controls are to ensure the proper development and implementation of systems, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IT strategy and an IT security policy, the organization of IT staff to separate conflicting duties and planning for disaster prevention and recovery.[1]

General Edit

General controls are

the structure, policies, and procedures — in all or a large segment of an organization's information systems — that help ensure proper operation, data integrity, and security. [2]
[p]olicies and procedures that help ensure the continued, proper operation of computer information systems. They include controls over information technology (IT), IT infrastructure, security management, and software acquisition, development and maintenance.[3]

References Edit

  1. FFIEC IT Examination Handbook, Audit, Appendix B: Glossary (full-text).
  2. Applied Research and Methods: Assessing the Reliability of Computer-Processed Data, at 8 n.2.
  3. Playbook: Enterprise Risk Management for the U.S. Federal Government, at 105.