Information Technology and Management Science

IT controls as part of organization internal control system are an important mechanism for ensuring that the business objectives are met. However, empirical observations show that organizations frequently do not establish an appropriate IT control environment. In this research paper, results of IT general controls (ITGC) audits are analysed at 61 Latvian companies with the purpose of assessing the need for establishing an IT control environment. Research results provide evidence that organizations with an effective IT control environment have fewer identified significant deficiencies in ITGC audits; there are fewer IT-related risks and the potential impact and probability of the identified risks is lower. These observations suggest that the IT control environment helps organizations achieve better quality indicators and reduce IT- related risks.

S.-M. Huang, W.-H. Hung D. C. Yen, I.-C. Chang and D. Jiang, Building the evaluation model of the IT general control for CPAs under enterprise risk management, 2011.

F. Gallegos and S. Senft, Why Are Information Technology Controls and Audit Important?, 2008.

360 GRC Whitepaper, Sarbanes-Oxley (404) Network Assessment and Compliance, 2010.

S. Flowerday and R.V. Solms, Real time information integrity = system integrity + data integrity + continuous assurances, Computers & Security, 24 (8) (2005), pp. 604–613.

C. Bellino, J. Wells, and S. Hunt, Enterprise Controls Consulting LP, Auditing Application Controls, 2007.