Search
Filters
Close

Global Technology Audit Guide (GTAG) 14: Auditing User-development Applications

Most organizations have come to rely on User Development Applications (UDA) to increase efficiencies and save money. However UDAs come with inherent risks. This guide shows how to assess risks and implement controls.

PDF

$0.00
$25.00
//when a customer clicks 'Enter' button we submit the "add to cart" button (if visible)
$25.00

Almost every organization uses some form of User Development Application (UDA). UDAs:

  • Can be more easily developed.
  • Are less costly to produce
  • Can typically be changed with relative ease versus programs and reports developed by IT personnel. 

However, once end users are given freedom to extract, manipulate, summarize, and analyze their UDA data without assistance from IT personnel, end users inherit risks once controlled by IT. These risks include data integrity, availability, and confidentiality.

Because management relies on UDAs, which can be a significant part of financial reporting and operational processes, as well as related decision making; the internal auditor must determine and review UDA risks and build an audit of UDAs into the annual internal audit plan as appropriate. 

GTAG-14, Auditing User-developed Applications, provides:

  • Direction on how to scope an internal audit of UDAs.
  • Guidance for how the internal auditor’s role as a consultant can be leveraged to assist management with developing an effective UDA control framework.
  • Considerations that internal auditors should address when performing UDA audits.
  • A sample UDA process flow as well as a UDA internal audit program.
  • Supporting worksheets to help internal auditors organize and execute an audit.

Item Number: 10.1072

Almost every organization uses some form of User Development Application (UDA). UDAs:

  • Can be more easily developed.
  • Are less costly to produce
  • Can typically be changed with relative ease versus programs and reports developed by IT personnel. 

However, once end users are given freedom to extract, manipulate, summarize, and analyze their UDA data without assistance from IT personnel, end users inherit risks once controlled by IT. These risks include data integrity, availability, and confidentiality.

Because management relies on UDAs, which can be a significant part of financial reporting and operational processes, as well as related decision making; the internal auditor must determine and review UDA risks and build an audit of UDAs into the annual internal audit plan as appropriate. 

GTAG-14, Auditing User-developed Applications, provides:

  • Direction on how to scope an internal audit of UDAs.
  • Guidance for how the internal auditor’s role as a consultant can be leveraged to assist management with developing an effective UDA control framework.
  • Considerations that internal auditors should address when performing UDA audits.
  • A sample UDA process flow as well as a UDA internal audit program.
  • Supporting worksheets to help internal auditors organize and execute an audit.

Item Number: 10.1072