audit-support-it-general-controls-itgcs
Sub-skill of audit-support: IT General Controls (ITGCs) (+4).
Best use case
audit-support-it-general-controls-itgcs is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Sub-skill of audit-support: IT General Controls (ITGCs) (+4).
Teams using audit-support-it-general-controls-itgcs should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/it-general-controls-itgcs/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How audit-support-it-general-controls-itgcs Compares
| Feature / Agent | audit-support-it-general-controls-itgcs | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Sub-skill of audit-support: IT General Controls (ITGCs) (+4).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# IT General Controls (ITGCs) (+4) ## IT General Controls (ITGCs) Controls over the IT environment that support the reliable functioning of application controls and automated processes. **Access Controls:** - User access provisioning (new access requests require approval) - User access de-provisioning (terminated users removed timely) - Privileged access management (admin/superuser access restricted and monitored) - Periodic access reviews (user access recertified on a defined schedule) - Password policies (complexity, rotation, lockout) - Segregation of duties enforcement (conflicting access prevented) **Change Management:** - Change requests documented and approved before implementation - Changes tested in a non-production environment before promotion - Separation of development and production environments - Emergency change procedures (documented, approved post-implementation) - Change review and post-implementation validation **IT Operations:** - Batch job monitoring and exception handling - Backup and recovery procedures (regular backups, tested restores) - System availability and performance monitoring - Incident management and escalation procedures - Disaster recovery planning and testing ## Manual Controls Controls performed by people using judgment, typically involving review and approval. **Examples:** - Management review of financial statements and key metrics - Supervisory approval of journal entries above a threshold - Three-way match verification (PO, receipt, invoice) - Account reconciliation preparation and review - Physical inventory observation and count - Vendor master data change approval - Customer credit approval **Key attributes to test:** - Was the control performed by the right person (proper authority)? - Was it performed timely (within the required timeframe)? - Is there evidence of the review (signature, initials, email, system log)? - Did the reviewer have sufficient information to perform an effective review? - Were exceptions identified and appropriately addressed? ## Automated Controls Controls enforced by IT systems without human intervention. **Examples:** - System-enforced approval workflows (cannot proceed without required approvals) - Three-way match automation (system blocks payment if PO/receipt/invoice don't match) - Duplicate payment detection (system flags or blocks duplicate invoices) - Credit limit enforcement (system prevents orders exceeding credit limit) - Automated calculations (depreciation, amortization, interest, tax) - System-enforced segregation of duties (conflicting roles prevented) - Input validation controls (required fields, format checks, range checks) - Automated reconciliation matching **Testing approach:** - Test design: Confirm the system configuration enforces the control as intended - Test operating effectiveness: For automated controls, if the system configuration has not changed, one test of the control is typically sufficient for the period (supplemented by ITGC testing of change management) - Verify change management ITGCs are effective (if system changed, re-test the control) ## IT-Dependent Manual Controls Manual controls that rely on the completeness and accuracy of system-generated information. **Examples:** - Management review of a system-generated exception report - Supervisor review of a system-generated aging report to assess reserves - Reconciliation using system-generated trial balance data - Approval of transactions identified by a system-generated workflow **Testing approach:** - Test the manual control (review, approval, follow-up on exceptions) - AND test the completeness and accuracy of the underlying report/data (IPE — Information Produced by the Entity) - IPE testing confirms the data the reviewer relied on was complete and accurate ## Entity-Level Controls Broad controls that operate at the organizational level and affect multiple processes. **Examples:** - Tone at the top / code of conduct - Risk assessment process - Audit committee oversight of financial reporting - Internal audit function and activities - Fraud risk assessment and anti-fraud programs - Whistleblower/ethics hotline - Management monitoring of control effectiveness - Financial reporting competence (staffing, training, qualifications) - Period-end financial reporting process (close procedures, GAAP compliance reviews) **Significance:** - Entity-level controls can mitigate but typically cannot replace process-level controls - Ineffective entity-level controls (especially audit committee oversight and tone at the top) are strong indicators of a material weakness - Effective entity-level controls may reduce the extent of testing needed for process-level controls
Related Skills
llm-wiki-audit-feedback-loop
Durable feedback loop for correcting llm-wiki pages without losing the correction to chat history. Use when (1) a human notices a wiki page is wrong, outdated, or contradicts a source, (2) processing the `audit/` inbox of a domain wiki, (3) reviewing what feedback has been resolved vs deferred, (4) needing to leave a comment on a specific text range that survives line- number drift. Implements the anchored-text audit file pattern from lewislulu/llm-wiki-skill, adapted for workspace-hub's domain-wiki layout under /mnt/local-analysis/llm-wiki/wikis/<domain>/. Extends the 5-op model (compile/ingest/query/lint) from research/llm-wiki with the missing `audit` op. Never silently delete feedback — rejected audits stay archived with rejection rationale.
pre-completion-cleanup-audit
Audit and dispose of session residue (orphan files, scratch dirs, sibling-repo state, locks, trash-stages) BEFORE claiming a task complete. Required gate before any agent says "all done", "task complete", or hands work back to user/orchestrator.
repo-mission-portfolio-audit
Audit the workspace-hub repo portfolio to extract each repo's mission, identify documentation gaps, and prioritize a plan/approval sequence with explicit LLM-wiki weighting for future issue triage.
provider-session-ecosystem-audit-and-exporters
Build and maintain cross-provider session-log audits for Codex, Codex, Hermes, and Gemini, including exporter design, normalization, and behavioral verification.
orcawave-orcaflex-readiness-audit
Audit the real readiness of digitalmodel OrcaWave/OrcaFlex spec-driven workflows by reconciling workspace-hub issues, source/tests, semantic-equivalence boundaries, and wiki synthesis gaps.
read-only-pre-implementation-audit
Systematic cross-check workflow to validate assumptions before TDD coding begins
provider-audit-bootstrap-and-path-classification
Fix provider-session ecosystem audit failures caused by source-checkout imports and over-aggressive symbolic-path classification.
gtm-site-readiness-audit-local-vs-production
Audit GTM feature work by separating local artifact readiness from production deployment state, then fix common blockers in aceengineer-website and GTM collateral.
gsd-operational-audit
Audit a repo's live GSD/get-shit-done workflow state against docs, issues, and runtime outputs to find stale issues, automation reliability gaps, parser drift, migration residue, and policy contradictions.
github-issue-label-existence-audit
Prevent GitHub issue creation failures by auditing exact label existence, duplicate titles, and partial-create risk before calling gh issue create.
github-issue-label-audit-and-command-bundles
Safely turn drafted issue bodies into reusable gh issue create commands by auditing repo labels, exact duplicates, and auth first.
orcaflex-spec-audit
Audit, classify, and score OrcaFlex spec.yml files across the model library for quality, schema validity, and structure type categorization.