Normal it general controls are categorised into domains: 1. Access: to application, to servers, to data centers 2. Changes in Inscope Application and related infrastructure: if there any code changes performed in the application, or if there any such changes in the application which changes the functioning of the application (like changing the tax rate on any product), patches applied in the application, security patches made on the servers, 3. Security: testing of Firewall, antivirus elements 4. Other IT Operations: Scheduled jobs, interfaces, Backups, Incidents
Hi Amanda. This video is really good. Can you break this down further into the 6 general controls (control environ, system development,access control, continuity, system software and doc)? Enjoy your style of lecturing. Everything fits into perspective with the videos you do.
Lots of practice - but I still do it occassionally! Trying to speak too fast also can cause ums. I think in this video I wrote a script and used my teleprompter!
Hi Gib Gob - do you mean going for a job in IT Audit/SOX? Or do you mean interviewing clients? I presume it is the latter - know your potential employer: * what sort of companies do they audit? * check out the SOX 404 reports on some of those companies - what are common issues that fall under the IT category? (rather than the manual category) * how would you go about detecting those sorts of major deficiencies And the final one - make sure you have at least 1 question for your employer that shows you want to know whether you fit in at their organisation - that may be about clients, location, travel, advancement, culture, diversity & inclusion. Good luck!
I understand this video is old, however, is it correct to assume applications like email filters/blockers that are add-ons for other applications are considered General IT controls as opposed to IT Application Controls? I'm assuming it's General because it's not programmed into the application, but rather an add-on.
Can I ask some question? for access into organization network (Internal Network) >> ITGC but access into each application (e.g. internal application) and some time we use different credential form internal network can we call IT application control? So,if focus in application >> call Application Control right?
Dear Friends, I have a question about internal control: 1/ I think internal control (IC) are activities that identify risks and frauds occurring in business processes and financial reports. After the IC (internal control) department detects risks, it will propose to management levels or the Board of Directors to identify risks and handle them. Question: Am I understanding this correctly?, I hope you can answer and add more. Thank you.
Batch Jobs scheduled in an application, do they come under ITGC's or ITAC? (add/modify/delete critical scheduled jobs or interfaces between in-scope SOX system)
Kindly do a video on cloud accounting and/or share a link where one can get more insight on what it is and how it works, pros and cons etc. Thank you in advance.
Hey Vivianne Definitely check out Heather Smith for everything cloud accounting. She has a great website and be sure to sign up for her newsletter ua-cam.com/users/ANISEConsulting
Hi Arvind - the teacher in me always asks a question first. What do you think the difference is? Give it a go and then I’ll happily provide some guidance based on your response ☺️
Asking about the process, see if they’ve done any restorations from backups (usually this process needs to be documented and signed off by mgmt). You can’t usually physically/actually test the backup
Hi Peter - not specifically. SOX does require you to report on any material deficiencies in internal controls - but this video is just about the difference between 2 types of IT controls - application and general. SOX requires you to look at all controls - manual (done by people) and IT
Hi Edward - auditing computers are like auditing any other process - understand the internal controls, identify the control activities, test the controls for effectiveness. As for subsequent events - I have 3 videos on this topic A strategy for answering subsequent event questions ua-cam.com/video/i1nZ3k0E4JQ/v-deo.html Subsequent events - some worked examples ua-cam.com/video/pv-zenAjTGQ/v-deo.html Interpreting the Auditing Standard on SUBSEQUENT EVENTS ISA/ASA560 ua-cam.com/video/H-R3LwHwdVg/v-deo.html
🤣im in my final year and I still have to remind myself now and then about the difference between these 2.The line that differentiates them is too thin its easy to mix them up
Hello , please if u can help as I am new IS Auditor need some Authorised SW's of the below: Transaction logging Query tools Statistics and data analysis (CAAT) Database management system (DBMS) Data warehouses, data marts, data mining AI Embedded audit modules (EAM) Neural network technology Standards such as Extensible Business Reporting Language (XBRL)
Normal it general controls are categorised into domains:
1. Access: to application, to servers, to data centers
2. Changes in Inscope Application and related infrastructure: if there any code changes performed in the application, or if there any such changes in the application which changes the functioning of the application (like changing the tax rate on any product), patches applied in the application, security patches made on the servers,
3. Security: testing of Firewall, antivirus elements
4. Other IT Operations: Scheduled jobs, interfaces, Backups, Incidents
Hi Parminder - thanks for sharing this :)
This video couldn’t have come at a better time! Currently studying this topic this week! Thank you so much!!
Great! Happy studies 😊
Thank you so much for this video! I'm interviewing for IT Risk Consultant this week and this clarifies things for me a lot.
One year on, did you get the job?
I DIIIIIID and I’m a senior now!!!!
@@abdulwahabalhaji8662 hmdl 🤲🏽
Hos do you like it? :) I have my last interview tomorrow, but Reddit says it’s really boring and few exit opportunities
Amanda your explanation is awesome 💯
Recently found your channel and have my uni audit exam next week! Thank you so much for these videos, they are so helpful and well made!
This is my second presentation today
Lots of appreciations for the these valuable videos 👍
Thank you, this is very clear. Even my 100 euro's of textbooks can't explain like you do. gr from Amsterdam
Thanks I really loved that video, I was really struggling with general v application controls, now all is clear.
Great to hear!
“Dr Amanda”
That flexxxxxxx
I *think* that’s a compliment - thanks 😊
Thank you so much, you just contributed to my exam success.
Good luck in your exams Thabang!
very insightful and easily illustrated
Thanks!
Great video Amanda☺
👍Thank You very much for great video and answering my question.
Your way of explaining is great to understand easily within shortest time 👍
You’re welcome Mustafa!
Amanda, it was amazing. Great job
Thank you Kwabena - good luck in your studies :)
Hi Amanda. This video is really good. Can you break this down further into the 6 general controls (control environ, system development,access control, continuity, system software and doc)? Enjoy your style of lecturing. Everything fits into perspective with the videos you do.
Beautifully explained in simple language
Ha, when you got to the LMS part, literally a relational DB scheme I created years ago... 😍
They haven't changed!
This is such an fantastic video with clear explanation and examples. Absolutely loving it! Keep it up Amanda will follow the channel!
Thanks Tony!
Great explanation, thank you so much.
Thank you for the video. Do you have a video on sampling IT general controls?
Hi - not yet - when sampling, the key is going to be sampling over the entire year
Hey Amanda..your way of teaching is just wow...can you please upload video on HIPPA with complete understanding from zero to hero
Hey - I don't know much about HIPPA (if you mean the healthcare privacy law) - sorry!
Hiii ur videos are superb, will u do a video on socq type2 audit
Thank You for this video and also to the person who requested this video, It helped a lot.
You're welcome Syed!
thank you so much for sharing this helpful video
You're welcome Yosita!
Thank you, this was very informative!!!
Thanks Stace!
So wonderful thank you so much. You are great teacher
You’re welcome Jome! 😊
How do you manage not to say "um" when you are speaking?! Great job.
Lots of practice - but I still do it occassionally! Trying to speak too fast also can cause ums. I think in this video I wrote a script and used my teleprompter!
@@amandalovestoaudit thanks for your content. I am just at the bottom rung of aca doing assurance and your vids proper help!
pause instead of saying um
Do you have any tips for an IT Audit SOX interview? How to impress and stand out?
Hi Gib Gob - do you mean going for a job in IT Audit/SOX? Or do you mean interviewing clients?
I presume it is the latter - know your potential employer:
* what sort of companies do they audit?
* check out the SOX 404 reports on some of those companies - what are common issues that fall under the IT category? (rather than the manual category)
* how would you go about detecting those sorts of major deficiencies
And the final one - make sure you have at least 1 question for your employer that shows you want to know whether you fit in at their organisation - that may be about clients, location, travel, advancement, culture, diversity & inclusion.
Good luck!
@@amandalovestoaudit Insightful. Thank you
you're awesome, thanks!
Thank you so much Fadi 🙏☺️
Thanks for clarification 🙏🏻
Thanks, this is great
I understand this video is old, however, is it correct to assume applications like email filters/blockers that are add-ons for other applications are considered General IT controls as opposed to IT Application Controls? I'm assuming it's General because it's not programmed into the application, but rather an add-on.
Would you clarify the role of a group financial controller
Thank you so much... but I want to understand the ICT controls in Revenue and receipts cycle!!! It confuses me big time.
您的英语讲得真好!
Hi Mike - unfortunately I can’t read Chinese characters!
Can I ask some question?
for access into organization network (Internal Network) >> ITGC
but access into each application (e.g. internal application) and some time we use different credential form internal network can we call IT application control?
So,if focus in application >> call Application Control right?
Yes - focus within an application is an Application Control
Dear Friends, I have a question about internal control:
1/ I think internal control (IC) are activities that identify risks and frauds occurring in business processes and financial reports. After the IC (internal control) department detects risks, it will propose to management levels or the Board of Directors to identify risks and handle them. Question: Am I understanding this correctly?, I hope you can answer and add more. Thank you.
Batch Jobs scheduled in an application, do they come under ITGC's or ITAC? (add/modify/delete critical scheduled jobs or interfaces between in-scope SOX system)
Batch jobs within an application would be an Application Control ☺️
@@amandalovestoaudit thanks for the clarification and Quick reply!😁
Kindly do a video on cloud accounting and/or share a link where one can get more insight on what it is and how it works, pros and cons etc. Thank you in advance.
Hey Vivianne
Definitely check out Heather Smith for everything cloud accounting. She has a great website and be sure to sign up for her newsletter
ua-cam.com/users/ANISEConsulting
I need to get some more info from you are you free to go for 30 minutes
How can you relate the IT controls with IT Audits
Very nice. 🌹
Thank you! 😊
Thank you
You're welcome Jus - thank you for watching :)
Can you explain , what is configurable and Non Configurable Controls and explain with an example
Hi Arvind - the teacher in me always asks a question first. What do you think the difference is? Give it a go and then I’ll happily provide some guidance based on your response ☺️
Nice
Dear Amanda how to check for back up ?
Asking about the process, see if they’ve done any restorations from backups (usually this process needs to be documented and signed off by mgmt). You can’t usually physically/actually test the backup
@@amandalovestoaudit Thank u so much
My textbook also mentions ‘user controls’, what is that exactly?
User controls are those related to guiding user behaviour. Does it refer to computer end user controls?
www.prweb.com/releases/2004/12/prweb185286.htm
is this about Sarbanes Oxley?
Hi Peter - not specifically. SOX does require you to report on any material deficiencies in internal controls - but this video is just about the difference between 2 types of IT controls - application and general. SOX requires you to look at all controls - manual (done by people) and IT
I salute🤙
really helpful...thanks a lot!!!!
Thanks Yuqian!
Don’t forget that I have a full study guide of videos on my website - amandalovestoaudit.com/learning-resources/audit-study-guide/
Greetings,can you please highlight which aspects to dwell much on when coming to computer auditing?
Hi Edward - I’m unsure of your question. Do you mean when you are studying computer audit? Or when you are auditing a client’s systems?
@@amandalovestoaudit on both aspects, and how to go about the subsequent events as an Auditor?
Hi Edward - auditing computers are like auditing any other process - understand the internal controls, identify the control activities, test the controls for effectiveness.
As for subsequent events - I have 3 videos on this topic
A strategy for answering subsequent event questions
ua-cam.com/video/i1nZ3k0E4JQ/v-deo.html
Subsequent events - some worked examples
ua-cam.com/video/pv-zenAjTGQ/v-deo.html
Interpreting the Auditing Standard on SUBSEQUENT EVENTS ISA/ASA560
ua-cam.com/video/H-R3LwHwdVg/v-deo.html
Niceeeee!!! What about making a video where you explain the differences between an audit of private and public company?
Keep up the work!!
Hello
I'm asking for an assistance relating to General control vs Application control
What sort of assistance?
I was trying to send the document but I couldn't
I was asking for you email so that I can share the document
@@karabondlovu6528 I am sorry, but that seems a bit shady. Just ask her the question instead of sending documents?
Amanda, what is a BSO test?
Hi - I don’t remember mentioning that in the video ... or do you mean generally?
Amanda, thanks for responding. I had someone at work ask me this and dont know what they were referring to. what kind of test is it?
Ok - it is something I’ve actually never heard of before! I will ask around and see if I can help - it might be something specific to your audit firms
i need help for my task:(
I would think the app controls are more interface controls rather than SOD
There are many that are likely to be both
🤣im in my final year and I still have to remind myself now and then about the difference between these 2.The line that differentiates them is too thin its easy to mix them up
Hello , please if u can help as I am new IS Auditor need some Authorised SW's of the below:
Transaction logging
Query tools
Statistics and data analysis (CAAT)
Database management system (DBMS)
Data warehouses, data marts, data mining
AI
Embedded audit modules (EAM)
Neural network technology
Standards such as Extensible Business Reporting Language (XBRL)
Hi Bo - I’d check out Auditnet.org - this is a great resource for practitioners.
Best at 1.25x
「上記のギフトのいずれかを選択できます」、
1 2 3
1
crykey mate
Sorry Amanda, you explained ITGCs horribly.
Thank you