Assessing the Need of Information Technology Control Environment Establishment

Ruta Pirta, Renate Strazdina


IT controls as part of organization internal control system are an important mechanism for ensuring that the business objectives are met. However, empirical observations show that organizations frequently do not establish an appropriate IT control environment. In this research paper, results of IT general controls (ITGC) audits are analysed at 61 Latvian companies with the purpose of assessing the need for establishing an IT control environment. Research results provide evidence that organizations with an effective IT control environment have fewer identified significant deficiencies in ITGC audits; there are fewer IT-related risks and the potential impact and probability of the identified risks is lower. These observations suggest that the IT control environment helps organizations achieve better quality indicators and reduce IT- related risks.


IT audit; IT controls; IT control environment; ITAC; ITGC

Full Text:



S.-M. Huang, W.-H. Hung D. C. Yen, I.-C. Chang and D. Jiang, Building the evaluation model of the IT general control for CPAs under enterprise risk management, 2011.

F. Gallegos and S. Senft, Why Are Information Technology Controls and Audit Important?, 2008.

360 GRC Whitepaper, Sarbanes-Oxley (404) Network Assessment and Compliance, 2010.

S. Flowerday and R.V. Solms, Real time information integrity = system integrity + data integrity + continuous assurances, Computers & Security, 24 (8) (2005), pp. 604–613.

C. Bellino, J. Wells, and S. Hunt, Enterprise Controls Consulting LP, Auditing Application Controls, 2007.


  • There are currently no refbacks.

Copyright (c) 2012 Ruta Pirta, Renate Strazdina

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.