← Glossary·Controls

IT General Controls (ITGC)

SOXSOC 2

Pervasive IT controls supporting reliable processing — access, change management, operations, development.

IT General Controls are pervasive IT controls underpinning the reliable operation of application controls — typically grouped into Access to Programs & Data, Program Change, Program Development, and Computer Operations. ITGC is the backbone of any SOX 404 / ICFR audit.

Why it matters
ITGC deficiencies cascade — if change-management is unreliable, every automated application control built on the system is itself unreliable.

Related terms

Change Management
Documented process for approving, testing, and deploying changes to production systems.
Segregation of Duties (SoD)
Splitting critical tasks across multiple individuals so no single person can execute fraud or untraceable error.
User Access Review
Periodic review by data owners confirming each user's access remains appropriate; typically quarterly.

Does your program actually cover IT General Controls (ITGC)?

Run a free ComplianceIQ audit against SOX and we'll surface every gap on this — and the other controls auditors flag — with the exact clause references to fix.

Free SOX auditBack to glossary