Auditors get guidance on application controls

The Institute of Internal Auditors (IIA) has issued advice on auditing IT application controls.

The Institute of Internal Auditors (IIA) has issued advice on auditing IT application controls.

The Institute's Global Technology Audit Guide 8 - Auditing Application Controls, helps internal audit practitioners, executives and boards of directors to understand various risks associated with application controls and how internal auditing can help to mitigate those risks.

"Most internal auditors think of application controls as a mysterious black box and are unsure of how to look inside to ensure they're working as they should," said Lily Bi, IIA manager of technology practices.

"It's important that all internal auditors have a good level of knowledge in this area to be skilled enough to determine if an application's controls are properly designed, and are operating effectively to manage financial, operational, or regulatory compliance risks," said Bi.

Application controls are applied to individual business processes or application systems such as data edits, separation of business functions, balancing of processing totals, transaction logging, and error reporting.

Failure to audit application controls can leave an organisation open to risks that have a negative impact on the integrity, completeness, timeliness, and availability of financial or operational data. 

GTAG 8 Auditing Application Controls can be viewed here.

Sarbanes-Oxley defeat blow for SMBs >>

Information security the route to compliance >>

Comment on this article:

Read more on IT for small and medium-sized enterprises (SME)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.