Normal it general controls are categorised into domains: 1. Access: to application, to servers, to data centers 2. Changes in Inscope Application and related infrastructure: if there any code changes performed in the application, or if there any such changes in the application which changes the functioning of the application (like changing the tax rate on any product), patches applied in the application, security patches made on the servers, 3. Security: testing of Firewall, antivirus elements 4. Other IT Operations: Scheduled jobs, interfaces, Backups, Incidents
Hi Amanda. This video is really good. Can you break this down further into the 6 general controls (control environ, system development,access control, continuity, system software and doc)? Enjoy your style of lecturing. Everything fits into perspective with the videos you do.
Lots of practice - but I still do it occassionally! Trying to speak too fast also can cause ums. I think in this video I wrote a script and used my teleprompter!
Hi Gib Gob - do you mean going for a job in IT Audit/SOX? Or do you mean interviewing clients? I presume it is the latter - know your potential employer: * what sort of companies do they audit? * check out the SOX 404 reports on some of those companies - what are common issues that fall under the IT category? (rather than the manual category) * how would you go about detecting those sorts of major deficiencies And the final one - make sure you have at least 1 question for your employer that shows you want to know whether you fit in at their organisation - that may be about clients, location, travel, advancement, culture, diversity & inclusion. Good luck!
I understand this video is old, however, is it correct to assume applications like email filters/blockers that are add-ons for other applications are considered General IT controls as opposed to IT Application Controls? I'm assuming it's General because it's not programmed into the application, but rather an add-on.
Dear Friends, I have a question about internal control: 1/ I think internal control (IC) are activities that identify risks and frauds occurring in business processes and financial reports. After the IC (internal control) department detects risks, it will propose to management levels or the Board of Directors to identify risks and handle them. Question: Am I understanding this correctly?, I hope you can answer and add more. Thank you.
Batch Jobs scheduled in an application, do they come under ITGC's or ITAC? (add/modify/delete critical scheduled jobs or interfaces between in-scope SOX system)
Can I ask some question? for access into organization network (Internal Network) >> ITGC but access into each application (e.g. internal application) and some time we use different credential form internal network can we call IT application control? So,if focus in application >> call Application Control right?
Kindly do a video on cloud accounting and/or share a link where one can get more insight on what it is and how it works, pros and cons etc. Thank you in advance.
Hey Vivianne Definitely check out Heather Smith for everything cloud accounting. She has a great website and be sure to sign up for her newsletter ruclips.net/user/ANISEConsulting
Hi Edward - auditing computers are like auditing any other process - understand the internal controls, identify the control activities, test the controls for effectiveness. As for subsequent events - I have 3 videos on this topic A strategy for answering subsequent event questions ruclips.net/video/i1nZ3k0E4JQ/видео.html Subsequent events - some worked examples ruclips.net/video/pv-zenAjTGQ/видео.html Interpreting the Auditing Standard on SUBSEQUENT EVENTS ISA/ASA560 ruclips.net/video/H-R3LwHwdVg/видео.html
Hi Arvind - the teacher in me always asks a question first. What do you think the difference is? Give it a go and then I’ll happily provide some guidance based on your response ☺️
Hi Peter - not specifically. SOX does require you to report on any material deficiencies in internal controls - but this video is just about the difference between 2 types of IT controls - application and general. SOX requires you to look at all controls - manual (done by people) and IT
Asking about the process, see if they’ve done any restorations from backups (usually this process needs to be documented and signed off by mgmt). You can’t usually physically/actually test the backup
🤣im in my final year and I still have to remind myself now and then about the difference between these 2.The line that differentiates them is too thin its easy to mix them up
Hello , please if u can help as I am new IS Auditor need some Authorised SW's of the below: Transaction logging Query tools Statistics and data analysis (CAAT) Database management system (DBMS) Data warehouses, data marts, data mining AI Embedded audit modules (EAM) Neural network technology Standards such as Extensible Business Reporting Language (XBRL)
Normal it general controls are categorised into domains:
1. Access: to application, to servers, to data centers
2. Changes in Inscope Application and related infrastructure: if there any code changes performed in the application, or if there any such changes in the application which changes the functioning of the application (like changing the tax rate on any product), patches applied in the application, security patches made on the servers,
3. Security: testing of Firewall, antivirus elements
4. Other IT Operations: Scheduled jobs, interfaces, Backups, Incidents
Hi Parminder - thanks for sharing this :)
This video couldn’t have come at a better time! Currently studying this topic this week! Thank you so much!!
Great! Happy studies 😊
Thank you so much for this video! I'm interviewing for IT Risk Consultant this week and this clarifies things for me a lot.
One year on, did you get the job?
I DIIIIIID and I’m a senior now!!!!
@@abdulwahabalhaji8662 hmdl 🤲🏽
Hos do you like it? :) I have my last interview tomorrow, but Reddit says it’s really boring and few exit opportunities
Recently found your channel and have my uni audit exam next week! Thank you so much for these videos, they are so helpful and well made!
Hi Amanda. This video is really good. Can you break this down further into the 6 general controls (control environ, system development,access control, continuity, system software and doc)? Enjoy your style of lecturing. Everything fits into perspective with the videos you do.
Thank you so much, you just contributed to my exam success.
Good luck in your exams Thabang!
Thanks I really loved that video, I was really struggling with general v application controls, now all is clear.
Great to hear!
This is my second presentation today
Lots of appreciations for the these valuable videos 👍
👍Thank You very much for great video and answering my question.
Your way of explaining is great to understand easily within shortest time 👍
You’re welcome Mustafa!
Ha, when you got to the LMS part, literally a relational DB scheme I created years ago... 😍
They haven't changed!
Thank you, this is very clear. Even my 100 euro's of textbooks can't explain like you do. gr from Amsterdam
“Dr Amanda”
That flexxxxxxx
I *think* that’s a compliment - thanks 😊
This is such an fantastic video with clear explanation and examples. Absolutely loving it! Keep it up Amanda will follow the channel!
Thanks Tony!
Amanda your explanation is awesome 💯
very insightful and easily illustrated
Thanks!
Amanda, it was amazing. Great job
Thank you Kwabena - good luck in your studies :)
Beautifully explained in simple language
Thank You for this video and also to the person who requested this video, It helped a lot.
You're welcome Syed!
Great video Amanda☺
Thank you for the video. Do you have a video on sampling IT general controls?
Hi - not yet - when sampling, the key is going to be sampling over the entire year
Great explanation, thank you so much.
Thank you, this was very informative!!!
Thanks Stace!
Hey Amanda..your way of teaching is just wow...can you please upload video on HIPPA with complete understanding from zero to hero
Hey - I don't know much about HIPPA (if you mean the healthcare privacy law) - sorry!
thank you so much for sharing this helpful video
You're welcome Yosita!
So wonderful thank you so much. You are great teacher
You’re welcome Jome! 😊
Hiii ur videos are superb, will u do a video on socq type2 audit
How do you manage not to say "um" when you are speaking?! Great job.
Lots of practice - but I still do it occassionally! Trying to speak too fast also can cause ums. I think in this video I wrote a script and used my teleprompter!
@@amandalovestoaudit thanks for your content. I am just at the bottom rung of aca doing assurance and your vids proper help!
pause instead of saying um
Do you have any tips for an IT Audit SOX interview? How to impress and stand out?
Hi Gib Gob - do you mean going for a job in IT Audit/SOX? Or do you mean interviewing clients?
I presume it is the latter - know your potential employer:
* what sort of companies do they audit?
* check out the SOX 404 reports on some of those companies - what are common issues that fall under the IT category? (rather than the manual category)
* how would you go about detecting those sorts of major deficiencies
And the final one - make sure you have at least 1 question for your employer that shows you want to know whether you fit in at their organisation - that may be about clients, location, travel, advancement, culture, diversity & inclusion.
Good luck!
@@amandalovestoaudit Insightful. Thank you
I understand this video is old, however, is it correct to assume applications like email filters/blockers that are add-ons for other applications are considered General IT controls as opposed to IT Application Controls? I'm assuming it's General because it's not programmed into the application, but rather an add-on.
Dear Friends, I have a question about internal control:
1/ I think internal control (IC) are activities that identify risks and frauds occurring in business processes and financial reports. After the IC (internal control) department detects risks, it will propose to management levels or the Board of Directors to identify risks and handle them. Question: Am I understanding this correctly?, I hope you can answer and add more. Thank you.
Thank you so much... but I want to understand the ICT controls in Revenue and receipts cycle!!! It confuses me big time.
Would you clarify the role of a group financial controller
Batch Jobs scheduled in an application, do they come under ITGC's or ITAC? (add/modify/delete critical scheduled jobs or interfaces between in-scope SOX system)
Batch jobs within an application would be an Application Control ☺️
@@amandalovestoaudit thanks for the clarification and Quick reply!😁
Can I ask some question?
for access into organization network (Internal Network) >> ITGC
but access into each application (e.g. internal application) and some time we use different credential form internal network can we call IT application control?
So,if focus in application >> call Application Control right?
Yes - focus within an application is an Application Control
Kindly do a video on cloud accounting and/or share a link where one can get more insight on what it is and how it works, pros and cons etc. Thank you in advance.
Hey Vivianne
Definitely check out Heather Smith for everything cloud accounting. She has a great website and be sure to sign up for her newsletter
ruclips.net/user/ANISEConsulting
I need to get some more info from you are you free to go for 30 minutes
您的英语讲得真好!
Hi Mike - unfortunately I can’t read Chinese characters!
you're awesome, thanks!
Thank you so much Fadi 🙏☺️
Thanks for clarification 🙏🏻
How can you relate the IT controls with IT Audits
Thanks, this is great
Niceeeee!!! What about making a video where you explain the differences between an audit of private and public company?
Keep up the work!!
Greetings,can you please highlight which aspects to dwell much on when coming to computer auditing?
Hi Edward - I’m unsure of your question. Do you mean when you are studying computer audit? Or when you are auditing a client’s systems?
@@amandalovestoaudit on both aspects, and how to go about the subsequent events as an Auditor?
Hi Edward - auditing computers are like auditing any other process - understand the internal controls, identify the control activities, test the controls for effectiveness.
As for subsequent events - I have 3 videos on this topic
A strategy for answering subsequent event questions
ruclips.net/video/i1nZ3k0E4JQ/видео.html
Subsequent events - some worked examples
ruclips.net/video/pv-zenAjTGQ/видео.html
Interpreting the Auditing Standard on SUBSEQUENT EVENTS ISA/ASA560
ruclips.net/video/H-R3LwHwdVg/видео.html
Can you explain , what is configurable and Non Configurable Controls and explain with an example
Hi Arvind - the teacher in me always asks a question first. What do you think the difference is? Give it a go and then I’ll happily provide some guidance based on your response ☺️
really helpful...thanks a lot!!!!
Thanks Yuqian!
Don’t forget that I have a full study guide of videos on my website - amandalovestoaudit.com/learning-resources/audit-study-guide/
is this about Sarbanes Oxley?
Hi Peter - not specifically. SOX does require you to report on any material deficiencies in internal controls - but this video is just about the difference between 2 types of IT controls - application and general. SOX requires you to look at all controls - manual (done by people) and IT
My textbook also mentions ‘user controls’, what is that exactly?
User controls are those related to guiding user behaviour. Does it refer to computer end user controls?
www.prweb.com/releases/2004/12/prweb185286.htm
Very nice. 🌹
Thank you! 😊
Amanda, what is a BSO test?
Hi - I don’t remember mentioning that in the video ... or do you mean generally?
Amanda, thanks for responding. I had someone at work ask me this and dont know what they were referring to. what kind of test is it?
Ok - it is something I’ve actually never heard of before! I will ask around and see if I can help - it might be something specific to your audit firms
Hello
I'm asking for an assistance relating to General control vs Application control
What sort of assistance?
I was trying to send the document but I couldn't
I was asking for you email so that I can share the document
@@karabondlovu6528 I am sorry, but that seems a bit shady. Just ask her the question instead of sending documents?
Dear Amanda how to check for back up ?
Asking about the process, see if they’ve done any restorations from backups (usually this process needs to be documented and signed off by mgmt). You can’t usually physically/actually test the backup
@@amandalovestoaudit Thank u so much
i need help for my task:(
I would think the app controls are more interface controls rather than SOD
There are many that are likely to be both
Thank you
You're welcome Jus - thank you for watching :)
Nice
I salute🤙
🤣im in my final year and I still have to remind myself now and then about the difference between these 2.The line that differentiates them is too thin its easy to mix them up
Hello , please if u can help as I am new IS Auditor need some Authorised SW's of the below:
Transaction logging
Query tools
Statistics and data analysis (CAAT)
Database management system (DBMS)
Data warehouses, data marts, data mining
AI
Embedded audit modules (EAM)
Neural network technology
Standards such as Extensible Business Reporting Language (XBRL)
Hi Bo - I’d check out Auditnet.org - this is a great resource for practitioners.
「上記のギフトのいずれかを選択できます」、
Best at 1.25x
1 2 3
1
crykey mate
Sorry Amanda, you explained ITGCs horribly.
Thank you