audit-support-it-general-controls-itgcs

Sub-skill of audit-support: IT General Controls (ITGCs) (+4).

5 stars

Best use case

audit-support-it-general-controls-itgcs is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sub-skill of audit-support: IT General Controls (ITGCs) (+4).

Teams using audit-support-it-general-controls-itgcs should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/it-general-controls-itgcs/SKILL.md --create-dirs "https://raw.githubusercontent.com/vamseeachanta/workspace-hub/main/.agents/skills/_archive/business/finance/audit-support/it-general-controls-itgcs/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/it-general-controls-itgcs/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How audit-support-it-general-controls-itgcs Compares

Feature / Agentaudit-support-it-general-controls-itgcsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Sub-skill of audit-support: IT General Controls (ITGCs) (+4).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# IT General Controls (ITGCs) (+4)

## IT General Controls (ITGCs)


Controls over the IT environment that support the reliable functioning of application controls and automated processes.

**Access Controls:**
- User access provisioning (new access requests require approval)
- User access de-provisioning (terminated users removed timely)
- Privileged access management (admin/superuser access restricted and monitored)
- Periodic access reviews (user access recertified on a defined schedule)
- Password policies (complexity, rotation, lockout)
- Segregation of duties enforcement (conflicting access prevented)

**Change Management:**
- Change requests documented and approved before implementation
- Changes tested in a non-production environment before promotion
- Separation of development and production environments
- Emergency change procedures (documented, approved post-implementation)
- Change review and post-implementation validation

**IT Operations:**
- Batch job monitoring and exception handling
- Backup and recovery procedures (regular backups, tested restores)
- System availability and performance monitoring
- Incident management and escalation procedures
- Disaster recovery planning and testing


## Manual Controls


Controls performed by people using judgment, typically involving review and approval.

**Examples:**
- Management review of financial statements and key metrics
- Supervisory approval of journal entries above a threshold
- Three-way match verification (PO, receipt, invoice)
- Account reconciliation preparation and review
- Physical inventory observation and count
- Vendor master data change approval
- Customer credit approval

**Key attributes to test:**
- Was the control performed by the right person (proper authority)?
- Was it performed timely (within the required timeframe)?
- Is there evidence of the review (signature, initials, email, system log)?
- Did the reviewer have sufficient information to perform an effective review?
- Were exceptions identified and appropriately addressed?


## Automated Controls


Controls enforced by IT systems without human intervention.

**Examples:**
- System-enforced approval workflows (cannot proceed without required approvals)
- Three-way match automation (system blocks payment if PO/receipt/invoice don't match)
- Duplicate payment detection (system flags or blocks duplicate invoices)
- Credit limit enforcement (system prevents orders exceeding credit limit)
- Automated calculations (depreciation, amortization, interest, tax)
- System-enforced segregation of duties (conflicting roles prevented)
- Input validation controls (required fields, format checks, range checks)
- Automated reconciliation matching

**Testing approach:**
- Test design: Confirm the system configuration enforces the control as intended
- Test operating effectiveness: For automated controls, if the system configuration has not changed, one test of the control is typically sufficient for the period (supplemented by ITGC testing of change management)
- Verify change management ITGCs are effective (if system changed, re-test the control)


## IT-Dependent Manual Controls


Manual controls that rely on the completeness and accuracy of system-generated information.

**Examples:**
- Management review of a system-generated exception report
- Supervisor review of a system-generated aging report to assess reserves
- Reconciliation using system-generated trial balance data
- Approval of transactions identified by a system-generated workflow

**Testing approach:**
- Test the manual control (review, approval, follow-up on exceptions)
- AND test the completeness and accuracy of the underlying report/data (IPE — Information Produced by the Entity)
- IPE testing confirms the data the reviewer relied on was complete and accurate


## Entity-Level Controls


Broad controls that operate at the organizational level and affect multiple processes.

**Examples:**
- Tone at the top / code of conduct
- Risk assessment process
- Audit committee oversight of financial reporting
- Internal audit function and activities
- Fraud risk assessment and anti-fraud programs
- Whistleblower/ethics hotline
- Management monitoring of control effectiveness
- Financial reporting competence (staffing, training, qualifications)
- Period-end financial reporting process (close procedures, GAAP compliance reviews)

**Significance:**
- Entity-level controls can mitigate but typically cannot replace process-level controls
- Ineffective entity-level controls (especially audit committee oversight and tone at the top) are strong indicators of a material weakness
- Effective entity-level controls may reduce the extent of testing needed for process-level controls

Related Skills

llm-wiki-audit-feedback-loop

5
from vamseeachanta/workspace-hub

Durable feedback loop for correcting llm-wiki pages without losing the correction to chat history. Use when (1) a human notices a wiki page is wrong, outdated, or contradicts a source, (2) processing the `audit/` inbox of a domain wiki, (3) reviewing what feedback has been resolved vs deferred, (4) needing to leave a comment on a specific text range that survives line- number drift. Implements the anchored-text audit file pattern from lewislulu/llm-wiki-skill, adapted for workspace-hub's domain-wiki layout under /mnt/local-analysis/llm-wiki/wikis/<domain>/. Extends the 5-op model (compile/ingest/query/lint) from research/llm-wiki with the missing `audit` op. Never silently delete feedback — rejected audits stay archived with rejection rationale.

pre-completion-cleanup-audit

5
from vamseeachanta/workspace-hub

Audit and dispose of session residue (orphan files, scratch dirs, sibling-repo state, locks, trash-stages) BEFORE claiming a task complete. Required gate before any agent says "all done", "task complete", or hands work back to user/orchestrator.

repo-mission-portfolio-audit

5
from vamseeachanta/workspace-hub

Audit the workspace-hub repo portfolio to extract each repo's mission, identify documentation gaps, and prioritize a plan/approval sequence with explicit LLM-wiki weighting for future issue triage.

provider-session-ecosystem-audit-and-exporters

5
from vamseeachanta/workspace-hub

Build and maintain cross-provider session-log audits for Codex, Codex, Hermes, and Gemini, including exporter design, normalization, and behavioral verification.

orcawave-orcaflex-readiness-audit

5
from vamseeachanta/workspace-hub

Audit the real readiness of digitalmodel OrcaWave/OrcaFlex spec-driven workflows by reconciling workspace-hub issues, source/tests, semantic-equivalence boundaries, and wiki synthesis gaps.

read-only-pre-implementation-audit

5
from vamseeachanta/workspace-hub

Systematic cross-check workflow to validate assumptions before TDD coding begins

provider-audit-bootstrap-and-path-classification

5
from vamseeachanta/workspace-hub

Fix provider-session ecosystem audit failures caused by source-checkout imports and over-aggressive symbolic-path classification.

gtm-site-readiness-audit-local-vs-production

5
from vamseeachanta/workspace-hub

Audit GTM feature work by separating local artifact readiness from production deployment state, then fix common blockers in aceengineer-website and GTM collateral.

gsd-operational-audit

5
from vamseeachanta/workspace-hub

Audit a repo's live GSD/get-shit-done workflow state against docs, issues, and runtime outputs to find stale issues, automation reliability gaps, parser drift, migration residue, and policy contradictions.

github-issue-label-existence-audit

5
from vamseeachanta/workspace-hub

Prevent GitHub issue creation failures by auditing exact label existence, duplicate titles, and partial-create risk before calling gh issue create.

github-issue-label-audit-and-command-bundles

5
from vamseeachanta/workspace-hub

Safely turn drafted issue bodies into reusable gh issue create commands by auditing repo labels, exact duplicates, and auth first.

orcaflex-spec-audit

5
from vamseeachanta/workspace-hub

Audit, classify, and score OrcaFlex spec.yml files across the model library for quality, schema validity, and structure type categorization.