GTAG 8 - Auditing Application Controls
Download (members only): English (PDF, 2MB); Spanish (690 KB); French (740 KB)
Purchase from The IIA Research Foundation Bookstore
Rate this guide

Each year, billions of dollars are spent globally on implementing new or upgrading business application systems. Effective application controls will help your organization to ensure the integrity, accuracy, confidentiality and completeness of your data and systems. It is important for the chief audit executive (CAE) and his or her team to develop and execute audits of application controls on a periodic basis in order to determine whether they are designed appropriately and operating effectively.

To further assist CAEs or other individuals who use this guide, we have also included a list of key application controls, a sample audit plan, and a list of some application control review tools.

TABLE OF CONTENTS
1. Executive Summary
2. Introduction
Defining Application Controls
Application Controls Versus IT General Controls
Complex Versus Non-complex IT Environments
Benefits of Relying on Application Controls
The Role of Internal Auditors
3. Risk Assessment
Assess Risk
Application Control: Risk Assessment Approach
4. Scoping of Application Control Reviews
Business Process Method
Single Application Method
Access Controls
5. Application Review Approaches and Other Considerations
Planning
Need for Specialized Audit Resources
Business Process Method
Documentation Techniques
Testing
Computer-assisted Audit Techniques
6. Appendices
Appendix A: Common Application Controls and Suggested Tests
Appendix B: Sample Audit Program
7. Glossary
8. References
9. About the Authors

Authors
Christine Bellino, Jefferson Wells,
Steve Hunt, Crowe Horwath LLP

Questions for the authors about this guide? E-mail guidance@theiia.org.

Training in relation to this GTAG
The IIA also offers training either on site at your location or as part of our seminars program. To find out more, go to Introduction to IT Auditing (IIA/Deloitte).