IT GENERAL CONTROLS (ITGC)
Strengthening the Foundation of IT Governance, Risk, and Compliance
Course Schedule
| Date | Venue | Fees (Face-to-Face) |
|---|---|---|
| 23 – 27 Jun 2025 | Dubai, UAE | USD 3495 per delegate |
Course Introduction
IT General Controls (ITGC) are the bedrock of effective information systems governance, risk management, and internal control frameworks. Organizations rely on ITGC to ensure the confidentiality, integrity, and availability of financial data, operational systems, and regulatory compliance.
This comprehensive training equips participants with the knowledge and tools to assess, implement, and monitor IT general controls across critical domains, including access management, change control, system development, backup procedures, and data security. Real-world examples and control testing practices will empower professionals to contribute to stronger audit outcomes and risk mitigation.
Course Objectives
By the end of this course, participants will be able to:
• Understand the scope and significance of IT General Controls in GRC frameworks
• Design and evaluate access controls, change management, and backup protocols
• Identify key ITGC areas subject to internal and external audit scrutiny
• Test and document ITGC effectiveness using risk-based approaches
• Support SOX, ISO, COBIT, and other compliance and audit frameworks
Key Benefits of Attending
• Gain a deep understanding of ITGC components and audit requirements
• Strengthen your organization’s IT governance and internal control maturity
• Enhance your ability to support financial audits and IT risk assessments
• Explore the latest trends in automation, cloud, and cybersecurity controls
• Learn from ITGC failures and high-profile audit findings
Intended Audience
This program is designed for:
• IT audit and compliance professionals
• Risk and governance officers
• Internal auditors and financial controllers
• IT managers and systems administrators
• SOX, ISO 27001, and COBIT implementation teams
Individual Benefits
Key competencies that will be developed include:
• Understanding of ITGC domains and control objectives
• Control testing and documentation techniques
• Ability to assess gaps and propose remediation plans
• Familiarity with audit readiness and IT risk registers
• Confidence in engaging with auditors and regulators
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Improved control over IT systems and access points
• Reduced audit findings and compliance risks
• Streamlined change and configuration management processes
• Alignment with international IT control standards and best practices
• Enhanced collaboration between IT, audit, and compliance units
Instructional Methodology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – ITGC structure, frameworks (COBIT, ISO, NIST), and trends
• Case Studies – Control failure investigations and remediation
• Workshops – Developing audit checklists and control maps
• Peer Exchange – Cross-industry insights and audit experiences
• Tools – Risk assessment templates, control testing matrices, compliance trackers
Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of IT General Controls
Module 1: Introduction to ITGC and GRC Frameworks (07:30 – 09:30)
• Definitions, objectives, and domains of ITGC
• Relation to SOX, COBIT, COSO, and ISO standards
Module 2: Governance & Control Environment (09:45 – 11:15)
• IT policies, procedures, and organizational oversight
• Control ownership and accountability
Module 3: Risk Assessment & Control Mapping (11:30 – 01:00)
• ITGC risk drivers and audit scoping
• Mapping controls to critical systems
Module 4: Workshop – Assessing Your IT Control Landscape (02:00 – 03:30)
• Identify gaps and prioritize controls
Day 2: Access Controls and Identity Management
Module 5: Logical Access Controls (07:30 – 09:30)
• User provisioning, segregation of duties, privileged access
Module 6: Authentication, Monitoring, and Reviews (09:45 – 11:15)
• Password policies, MFA, access logs, and periodic reviews
Module 7: Case Study – Access Breach in a Financial Institution (11:30 – 01:00)
• Cause, investigation, and mitigation steps
Module 8: Workshop – Evaluate an Access Control Matrix (02:00 – 03:30)
• Detect violations and recommend remediation
Day 3: Change Management and System Development
Module 9: Change Management Controls (07:30 – 09:30)
• Change requests, approvals, and documentation
Module 10: Application Development Controls (09:45 – 11:15)
• SDLC, secure coding practices, and test protocols
Module 11: Case Study – Failed ERP Change Rollout (11:30 – 01:00)
• Implications for operations and controls
Module 12: Workshop – Design a Change Control Checklist (02:00 – 03:30)
• Steps for pre- and post-change validation
Day 4: Backup, Recovery, and Operations Controls
Module 13: Data Backup and Recovery Management (07:30 – 09:30)
• Backup policies, testing, offsite storage
Module 14: Job Scheduling and Batch Controls (09:45 – 11:15)
• Job logs, processing accuracy, and failure response
Module 15: Incident and Problem Management (11:30 – 01:00)
• ITIL alignment, root cause analysis
Module 16: Workshop – Simulate an IT Incident Response Plan (02:00 – 03:30)
• Response roles, escalation paths, and documentation
Day 5: Testing, Auditing, and Continuous Improvement
Module 17: ITGC Testing Techniques and Evidence Gathering (07:30 – 09:30)
• Sampling, walkthroughs, inquiries, re-performance
Module 18: Audit Coordination and Reporting (09:45 – 11:15)
• Managing findings, audit reports, and issue closure
Module 19: Monitoring and Control Automation (11:30 – 01:00)
• Dashboards, continuous controls monitoring (CCM), audit tools
Module 20: Final Workshop – Build a Comprehensive ITGC Audit Plan (02:00 – 03:30)
• End-to-end plan covering scope, control areas, and responsibilities
Certification
Participants will receive a Certificate of Completion in IT General Controls (ITGC), validating their knowledge of core IT control domains, ability to support audits, and readiness to implement risk-based IT governance practices in compliance-driven environments.