It is important for the chief audit executive (CAE) and his or her team to develop and execute audits of application controls on a periodic basis in order to determine whether they are designed appropriately and operating effectively. This new IIA guidance, Auditing Application Controls, provides internal auditors with the following information.
- What is application control?
- What is the relationship between application controls and general controls?
- Why rely on application controls?
- How to scope a risk-based application control review?
- What are the steps to conduct an application controls review?
To further assist CAEs or other individuals who use this guide, also included is a list of key application controls, a sample audit plan and a list of some application control review tools.
Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. The GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.