Certified Government Auditing Professional (CGAP) Practice Exam

Information technology general controls are essential to ensuring that an organization’s IT systems function securely and reliably. These controls provide a foundation for the integrity and security of the environment in which data is processed and managed. The correct choice encompasses three critical types of controls: administration controls, security controls, and system software controls. - Administration controls involve policies and procedures that govern the management of IT resources, ensuring that they are organized, monitored, and maintained appropriately. This includes user access management, change management, and incident management. - Security controls are designed to protect information assets from unauthorized access and data breaches. They encompass various measures, such as user authentication, access controls, and encryption mechanisms, which help safeguard sensitive data in the IT environment. - System software controls focus on the operating system and application software functions. They include configurations, patches, and updates necessary to protect against vulnerabilities. These controls ensure the software environments are secure and compliant with applicable standards and regulations. Together, these controls create a comprehensive framework necessary to support the operational integrity and security of applications and systems, making option B the appropriate answer. The other choices do not fully encompass the breadth of information technology general controls, as they either narrow the focus to only one aspect or omit critical components needed for a