What are IT Entity Controls? 2052

  • I wanted to make sure I am understand what everyone is referring to as the ‘IT Entity controls’, just as a sanity check to make sure I am on the right path: Are they referring to to contols such as IT Policies, SOD for IT personnel?
    I would appreciate it if you can share with me your thoughts and understanding and examples of what the ‘IT Entity Controls’ are.
    Thank you in advance.

  • Hi,
    For SOX purposes, the IT entity controls correspond to the following IT Control Process and Domain within the CobiT Framework:
    Planning and Organization
    Process 1: Establish Strategic Vision
    Strategic Plan Elements:

    • summary of the organization’s strategic goals and strategies and how they relate to the IT function.
    • IT goals and strategies and how each will support the organization’s goals and strategies.
    • Information architectural model
      Refers to the Corporate data model and the associated information systems
      Process 2: Develop Tactics to Realize the Strategic Vision
      Organizational and Control Plans:
    • Segregation of duties
      • Authorizing transactions
      • Executing transactions
      • Recording transactions
      • Safeguarding resulting resources
    • Organizational plans for the information system function
    • IT steering committee
      Hope this helps,

  • Additionally,
    Company Level Controls (CLCs) set the tone for the organization.
    Examples include:
    ’ Systems planning
    ’ Operating style
    ’ Enterprise policies
    ’ Governance
    ’ Collaboration
    ’ Information sharing
    ’ Codes of conduct
    ’ Fraud prevention
    Application controls and general controls support the CLCs.

  • a good example for IT entity control would be the Information Security Policy( ISMS Policy- BS7799). This sets the basic IT policies which sets the tone of top management and lays down the basic IT rules to aid information security.

  • IT ELC are about IT Governance and most comprehensive control set for them can be derived from COBIT.
    As Milan said correctly they are mostly about the tone at the top. One example is:
    ‘The organization has an acquisition and planning process that aligns with its overall strategic direction.’

  • I want to thank everyone for your responses. This help validate what I thought and considered as Entity controls.
    Again, big thank you for your responses…

Log in to reply