How to Audit IT General Controls - ITG201


This course explores the key IT general control areas to ensure confidentiality, integrity, availability, reliability, and privacy of your sensitive and proprietary data. Students will examine vulnerabilities, threats, and risks.


Tuition cost


NASBA Certified CPE

24 Credits


Why you should attend

You should attend because this course explores critical aspects of IT environments like data governance and management, scenario-based risk assessment, and review exhibits to better plan, scope and conduct IT audits.

Who should attend

Experienced IT auditors and technologists: responsible for performing a IT General Controls Review audit or self-assessment

What You'll learn

You will learn about the vulnerabilities, threats and risks that organizations face daily and how to verify that IT controls are present and working as intended.


  • Fundamentals of Internal Auditing (OAG101)
  • IT Audit School (ITG121)

You will learn the how to assess:

  • Data and Information Governance and Management
  • Effectiveness of IT Governance
  • Common IT Control Standards and Frameworks
  • IT Risk Management Using Scenario Analysis
    • Risk Identification
    • Risk Assessment (Analysis and Evaluation)
    • Risk Response
    • Risk Monitoring and Reporting
  • Technology overview, common controls, common vulnerabilities, threats, risks and tests related to:
  • IT Service Organizations – Roles and Responsibilities (SOD)
    • Contract Management
    • Technology Insurance
    • IT Service Management
  • Asset
  • Configuration & Hardening
  • Change/Release
  • Problem/Incident
  • Knowledge
    • Access Logical/Physical
    • Environmental Controls
    • Hardware and Software Infrastructure
    • Network Perimeter Security
    • Patch Management
    • Vulnerability Management (and Pen Testing)
    • Application Development
    • Business Continuity and Disaster Recovery
    • Incident Management
    • Project Management
    • Process Engineering
    • Third Parties and Cloud Providers
  • Assessing Information Technology
    • GCC Audit
    • Other Regulation Variations (SOX, PCI, etc.)
    • Adding GCC considerations to every audit engagement

Schedule your course

Use the table below to select the time and location that works best for you.

We don't currently have any dates scheduled for this course.


ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: