Global Technology Audit Guide (GTAG): Auditing Business Applications Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. Given the importance of business applications, risk-based internal audit plans should include engagements that evaluate standardized and system-specific controls over relevant risks. This GTAG helps auditors plan and perform such engagements. This practice guide helps internal auditors: • Gain a working knowledge of the systems development life cycle, service delivery, and information security processes relevant to business applications. • Plan engagements to assess business applications by describing relevant risks and opportunities. • Understand key risks and controls that may be present during the planning, development, support, and security of business applications. • Become familiar with relevant guidance from three widely used control frameworks.