This essay provides a comprehensive analysis of information system (IS) security and risk management practices within Telstra Corporation. It begins with an overview of Telstra's services and the role of information systems in supporting its business operations. The essay then delves into the specifics of general management controls (GMCs) and application controls (ACs) employed by Telstra, comparing and contrasting their functions. Furthermore, it evaluates the risk management techniques used to ensure reliability, confidentiality, availability, integrity, and security. The essay concludes with an illustration of Telstra's audit plan and process, demonstrating how auditing supports data quality. The content covers the different types of information system controls, risk management techniques, audit plan, and audit process for Telstra.