When relating the ITGC and ITAC toward the risk management in IT governance, it

means the firms operated its corporate activities through applied the suitable risk evaluation
methods to sustain and enhance its firm value (Internal Control in The New Era of Risks :
Guidelines for Internal Control That Functions Together with Risk Management, 2003). In the
way of applying the risk management within the ITGC and ITAC, the firms must recognize and
understand first about the variations of the risks management that essential to be implemented in
the firms activities and businesses (Bellino, Wells, Hunt, & LLP, 2007). By understanding of
firms risk based on firms corporate management in ITGC and ITAC, it allows the firms to
distinguish more easily the effects of business processes and the related risks (Palmas, 2011).
Even the ITGC/ITAC stand on unrelated backgrounds with the risk management, and have been
established by different ways, they have numerous common purposes when deal with several
risks and they can work together for keep sustain and augment the firms value (Internal Control
in The New Era of Risks : Guidelines for Internal Control That Functions Together with Risk
Management, 2003).

Besides, the challenging of ITGC and ITAC required the firm to adapt the related risk
management, generating further firms value and information on IT. The combination of vital
technologies knowledge within the firms corporate will drive the changes of synergies between
the IT governance and corporate governance which makes the recourse for determine various of
risks (Palmas, 2011). When applied the risk assessment methods over ITGC and ITAC of the
firms, its vital for the auditor to recognize the serious vulnerabilities that affecting the firm, to
analyze the firms nature, controls, and to review the extent of firms resources and its time
(Bellino, Wells, Hunt, & LLP, 2007). It is becoming essential to confederate the risk assessment
methods with IT controls and make them functioning in the methods that is appropriate to the
specific circumstances. Thus, the ITGC and ITAC activities ought to be numbered, and be
associated to the IT controls based on the description of processes or flowcharts (Bellino, Wells,
Hunt, & LLP, 2007).
References
Bellino, C., Wells, J., Hunt, S., & LLP, C. H. (2007, July). Global Technology Audit Guide
(GTAG) 8:Auditing Application Controls. Retrieved from The Institute of Internal
Auditors (IIA):
https://www.theiia.org/bookstore/downloads/freetomembers/0_1033.dl_gtag8.pdf
Internal Control in The New Era of Risks : Guidelines for Internal Control That Functions
Together with Risk Management. (2003, June). Retrieved from Ministry of Industry,
Trade and Economy:
http://www.meti.go.jp/english/information/downloadfiles/cRiskmanage0402e.pdf
Palmas, E. (2011). IT General and Application Controls: The Model of Internalization . ISACA
Journal Vol 5, 1-4.