Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Audit Concepts – Special Features of Audit of Different Types of Entities
Microlesson · 5-min read

IT Audit – Application Controls vs General IT Controls

## Controls in an Automated Environment — Application Controls vs General IT Controls

### Two Categories of IT Controls

1. General IT Controls (GITC)

Controls that apply across all applications and the overall IT environment. They create the framework within which application controls operate.

2. Application Controls

Controls embedded within a specific application to ensure completeness, accuracy, and validity of data processed by that application.

### Classification Table

Control DescriptionType
Reasonableness checksApplication Controls
Controls over data centre and network operationsGeneral IT Controls
Controls over application system acquisition, development and maintenanceGeneral IT Controls
Program change controlsGeneral IT Controls

### How to Distinguish

  • If the control is specific to data processing within an application (input validation, reasonableness checks, completeness checks) → Application Control
  • If the control is environmental/infrastructure (data centre, networks, system development, change management, access management) → General IT Control

### Common Application Controls

  • Input controls (format checks, reasonableness checks, range checks)
  • Processing controls (batch totals, run-to-run totals)
  • Output controls (reconciliation of output to input)

### Common General IT Controls

  • Data centre and network operations
  • System acquisition, development and maintenance
  • Program change controls
  • Access security controls

Worked example

### Example 1

MTP 1 Question: Classify the following controls in an automated environment:

  • Reasonableness checks → Application Controls (embedded within application processing)
  • Controls over data centre and network operations → General IT Controls (infrastructure-level)
  • Controls over application system acquisition, development and maintenance → General IT Controls (SDLC-level)
  • Program change controls → General IT Controls (IT management-level)

⚠️ Common exam mistakes

  • Classifying 'program change controls' as application controls — change management is a General IT Control
  • Classifying 'reasonableness checks' as General IT Controls — these are embedded in the application and are Application Controls
  • Not knowing that General IT Controls are a prerequisite for Application Controls to be relied upon
  • Confusing SDLC controls (acquisition/development/maintenance) with application-level controls
Reference:
← Previous
Hotel Audit – Verification of
Next →
LLP Audit – Review of LLP Agre
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic