IT controls as part of organization internal control system are an important mechanism for ensuring that the business objectives are met. However, empirical observations show that organizations frequently do not establish an appropriate IT control environment. In this research paper, results of IT general controls (ITGC) audits are analysed at 61 Latvian companies with the purpose of assessing the need for establishing an IT control environment. Research results provide evidence that organizations with an effective IT control environment have fewer identified significant deficiencies in ITGC audits; there are fewer IT-related risks and the potential impact and probability of the identified risks is lower. These observations suggest that the IT control environment helps organizations achieve better quality indicators and reduce IT related risks.