The Institute of Internal Auditors (IIA) has issued advice on auditing IT application controls.
The Institute's Global Technology Audit Guide 8 - Auditing Application Controls, helps internal audit practitioners, executives and boards of directors to understand various risks associated with application controls and how internal auditing can help to mitigate those risks.
"Most internal auditors think of application controls as a mysterious black box and are unsure of how to look inside to ensure they're working as they should," said Lily Bi, IIA manager of technology practices.
"It's important that all internal auditors have a good level of knowledge in this area to be skilled enough to determine if an application's controls are properly designed, and are operating effectively to manage financial, operational, or regulatory compliance risks," said Bi.
Application controls are applied to individual business processes or application systems such as data edits, separation of business functions, balancing of processing totals, transaction logging, and error reporting.
Failure to audit application controls can leave an organisation open to risks that have a negative impact on the integrity, completeness, timeliness, and availability of financial or operational data.
Comment on this article: firstname.lastname@example.org