Global Technology Audit Guide (GTAG): Auditing Business Applications
IIA
Recommended Guidance
Global Technology Audit Guide (GTAG): Auditing Business Applications
Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. Given the importance of business applications, risk-based internal audit plans should include engagements that evaluate standardized and system-specific controls over relevant risks. This GTAG helps auditors plan and perform such engagements.
This practice guide helps internal auditors:
• Gain a working knowledge of the systems development life cycle, service delivery, and information security processes relevant to business applications.
• Plan engagements to assess business applications by describing relevant risks and opportunities.
• Understand key risks and controls that may be present during the planning, development, support, and security of business applications.
• Become familiar with relevant guidance from three widely used control frameworks.