Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
GTAG 8
www.theiia.org
www.theiia.org
Application Controls
Objectives:
Input data is accurate, complete, authorized, and correct Data is processed as intended in an acceptable time period Output and stored data is accurate and complete A record is maintained to track data processing from input to storage to output
www.theiia.org
Application Controls
Cost effective and efficient means to manage risk Reliant on the effectiveness on the IT general control environment Approach varies for complex versus non-complex environments
www.theiia.org
Benchmarking
Reliance on IT general controls can lead to concluding the application controls are effective year to year without re-testing
www.theiia.org
Risk Assessment
Assess Risk Techniques Key scope questions Approach Define the universe Define the risks Weigh the risk factors Rank the risks Create a review plan based on the results
www.theiia.org
Access Controls
Included no matter which method is chosen
www.theiia.org
Review Approaches
Planning Need for specialized resources Documentation Testing Computer-assisted audit techniques (CAATs)
www.theiia.org
www.theiia.org
(Cont.)
Output controls
General ledger and sub-ledger posting Update authorization
www.theiia.org
In Closing
Application controls are a cost effective and efficient means to manage risk. Internal auditors should determine that their organizations application controls are designed appropriately and operating effectively. Consider benchmarking as a way to further reduce the testing effort
www.theiia.org