Information Technology General Controls

Overview

Auditors conducted a cybersecurity assessment of an agency in the City and County of Denver. This assessment found some areas of strength and some areas that need improvement. Because of the security sensitivities involved with this assessment the findings were communicated to the agency separately. This report gives a general overview of information technology general controls.

Information technology general controls

Based on information from the Institute of Internal Auditors, information technology general controls are defined as a set of processes, procedures, and standards that support the use of technology in the organization while managing, protecting, and governing the systems, applications, data, and processes from failure and inconsistent performance.

Information technology general controls are considered the building blocks and minimum standards to ensure information technology systems can maintain confidentiality, integrity, and availability. The National Institute of Standards and Technology defines these terms as:

• Confidentiality – preserving authorized restrictions on information access and disclosure, including the means of protecting personal privacy and proprietary information.
• Integrity – guarding against improper information modification or destruction and ensuring information nonrepudiation and authenticity.
• Availability – ensuring timely and reliable access to and use of information.

Without effective information technology general controls an organization may not be able to achieve its objectives. This may result in the loss of public trust, data breaches, and financial penalties.

AUDITOR TIMOTHY O'BRIEN, CPA
Denver Auditor

Denver Auditor's Office

201 W. Colfax Ave. #705 Denver, CO 80202
Email: auditor@denvergov.org
Call: 720-913-5000
Follow us on Facebook     Connect with us on Twitter