Assessing IT Business Application System Controls

On-Demand - 10 CPE  


This on-demand class is designed for financial, business, and IT auditors who need a solid strategy for auditing business application systems. 

Focusing on a risk-based approach to auditing business application transactions, you will review techniques that can be applied to all types of business application systems. You will learn how to assess key risks and controls in the application processing cycle and how to prioritize your audit approach to focus on the highest risk areas.

A primary focus during the session will be how to assess key aspects of a business application, including completeness and accuracy of input, processing, and output; transaction authorizations; and processing flow balancing and reconciliations. Testing will also be covered, with an emphasis on producing effective test results.



Course Agenda:

IT Risks

· IT Risk Definition
· Information Security Objectives
· Key Business Application Risks

Performing Integrated Audits

· Defining Integrated Auditing
· Scoping Integrated Audits
· Business and Application Controls
· Integrated Audits - Challenges
· COSO – Principle-11

Access Management

· User Identification and Authentication
· Single Sign-On
· Authorization Controls
· Separation of Duties
· Audit Trail & Review
· Log Management

Change, Patch & Configuration Mgt

· Change Management
· Patch Management
· Security Configuration Management

Business Application Systems

· Business Application Audit Objectives
· Batch, On-line, Web-facing and Real-time Models
· Enterprise Resource Planning (ERP) Systems

Business Application Transaction Risks

· Determining Application Risks
· Performing Walkthroughs
· Automated & Manual Controls
· IT Dependent Manual Controls
· Application-Level IT General Controls

Business Application Controls

· Completeness & Accuracy of Input
· Error Handling
· Completeness & Accuracy of Processing
· Completeness & Accuracy of Output
· Output Retention & Disposal
· Completeness & Accuracy of Masters
· Completeness & Accuracy of Interfaces

Testing Business Application Controls

· Testing Operating Effectiveness
· Testing Automated Controls
· Testing IT Dependent Manual Controls
· Data Analytics & CAATs

End User Computing (EUC)

· EUC / UDA Computing Risks
· Spreadsheet Risk Factors
· Evaluating End User Controls
· Shadow IT / Shadow Cloud

Course Curriculum

· Introduction & Objectives
· IT Risks
· Performing Integrated Audits
· Access Management
· Change Management
· Application Controls Introduction
· Determining Application Risks
· Application Controls
· Testing
· End User Computing
· Conclusion