Professional Documents
Culture Documents
GTAG 8
www.theiia.org
www.theiia.org
Application Controls
Objectives:
Application Controls
Cost effective and efficient means
to manage risk
Reliant on the effectiveness on the
IT general control environment
Approach varies for complex versus
non-complex environments
www.theiia.org
Benchmarking
Reliance on IT general controls can lead to
concluding the application controls are
effective year to year without re-testing
www.theiia.org
Risk Assessment
Assess Risk
Techniques
Key scope questions
Approach
Define the universe
Define the risks
Weigh the risk factors
Rank the risks
Create a review plan based on the results
www.theiia.org
Access Controls
Included no matter which method is
chosen
www.theiia.org
Review Approaches
Planning
Need for specialized resources
Documentation
Testing
Computer-assisted audit techniques
(CAATs)
www.theiia.org
www.theiia.org
Processing controls
Output controls
General ledger and sub-ledger posting
Update authorization
www.theiia.org
In Closing
Application controls are a cost effective and
efficient means to manage risk.
Internal auditors should determine that
their organizations application controls are
designed appropriately and operating
effectively.
Consider benchmarking as a way to further
reduce the testing effort
www.theiia.org