auditing application controls l.
Skip this Video
Loading SlideShow in 5 Seconds..
Auditing Application Controls PowerPoint Presentation
Download Presentation
Auditing Application Controls

Loading in 2 Seconds...

play fullscreen
1 / 13

Auditing Application Controls - PowerPoint PPT Presentation

  • Uploaded on

Auditing Application Controls. Global Technology Audit Guide GTAG® 8. What this guides covers. Application controls and their benefits The role of internal auditors How to perform a risk assessment Application control review scoping Application review approaches

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Auditing Application Controls' - jacob

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
auditing application controls

Auditing Application Controls

Global Technology Audit Guide GTAG® 8

what this guides covers
What this guides covers
  • Application controls and their benefits
  • The role of internal auditors
  • How to perform a risk assessment
  • Application control review scoping
  • Application review approaches
  • Common application controls, suggested tests, and a sample review program
application controls
Application Controls


  • Input data is accurate, complete, authorized, and correct
  • Data is processed as intended in an acceptable time period
  • Output and stored data is accurate and complete
  • A record is maintained to track data processing from input to storage to output
application controls4
Application Controls
  • Cost effective and efficient means to manage risk
  • Reliant on the effectiveness on the IT general control environment
  • Approach varies for complex versus non-complex environments
benefits of application controls
Benefits of Application Controls
  • Reliability
    • Reduces likelihood of errors due to manual intervention
  • Benchmarking
    • Reliance on IT general controls can lead to concluding the application controls are effective year to year without re-testing
  • Time and cost savings
    • Typically application controls take less time to test and only require testing once as long as the IT general controls are effective
role of internal auditors
Role of Internal Auditors
  • Knowledge of key IT risks, controls and audit techniques
  • Consultant or assurance
    • Independent risk assessment
    • Design of controls
    • Education
    • Controls testing
risk assessment
Risk Assessment
  • Assess Risk
    • Techniques
    • Key scope questions
  • Approach
    • Define the universe
    • Define the risks
    • Weigh the risk factors
    • Rank the risks
    • Create a review plan based on the results
scoping the review
Scoping the Review
  • Business Process Method
    • Top down review
  • Single Application Method
    • Focus on a single application or module
  • Access Controls
    • Included no matter which method is chosen
review approaches
Review Approaches
  • Planning
  • Need for specialized resources
  • Documentation
  • Testing
  • Computer-assisted audit techniques (CAATs)
common application controls
Common Application Controls
  • Input and access controls
    • Data checks and validations
    • Automated authorization, approval, and override
    • Automated SOD
    • Pended items
  • File and data transmission controls
common application controls cont
Common Application Controls (Cont.)
  • Processing controls
    • Automated file identification and validation
    • Automated functionality and calculations
    • Audit trails and overrides
    • Data extraction, filtering, and reporting
    • Interface balancing
    • Automated functionality and aging
    • Duplicate checks
  • Output controls
    • General ledger and sub-ledger posting
    • Update authorization
sample detailed review program
Sample Detailed Review Program
  • Suggested tests
    • Test input controls to ensure transactions are added into and accepted by the application, processed only once and have no duplicated
    • Test processing controls to ensure transactions are accepted by the application, processed with valid logic, carried through all phases of processing and updated to the correct data files
    • The sample included in Appendix B of the guide provides other detailed tests
in closing
In Closing
  • Application controls are a cost effective and efficient means to manage risk.
  • Internal auditors should determine that their organization’s application controls are designed appropriately and operating effectively.
  • Consider benchmarking as a way to further reduce the testing effort