Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. Given the importance of business applications, risk-based internal audit plans should include engagements that evaluate standardized and system-specific controls over relevant risks. This GTAG helps auditors plan and perform such engagements.
This practice guide helps internal auditors:
- Gain a working knowledge of the systems development life cycle, service delivery, and information security processes relevant to business applications.
- Plan engagements to assess business applications by describing relevant risks and opportunities.
- Understand key risks and controls that may be present during the planning, development, support, and security of business applications.
- Become familiar with relevant guidance from three widely used control frameworks.