GTAG: Auditing Business Applications
September 15, 2021
Copyright Notice We are excited to share this publication with you. However, keep in mind that all content – including text, images, tables, and graphics – is protected by international copyright laws. You are welcome to reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that other than for your own personal use is strictly prohibited and may constitute a violation of copyright law resulting in civil and criminal penalties. If you would like to request permission to use our materials or have questions, please email copyright@theiia.org.
Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. This GTAG helps auditors understand why it is important to provide assurance over business applications and how to identify and assess the relevant risks and standardized and system-specific controls when performing audit engagements.
This guidance will enable internal auditors to:
- Understand relevant risks and opportunities related to business applications.
- Gain a working knowledge of the full life cycle of a business application, from planning and development to support and management reporting, along with the relevant risks and controls.
- Become familiar with relevant guidance from three widely used control frameworks.
- Plan and perform engagements to provide assurance over business applications.