Information Technology Reference
In-Depth Information
Application Systems Controls Audit
Overview
Enterprises regularly conduct application systems controls audits in order to give assurance
to management that application systems are able to produce correct information which can
be relied upon and used for decision-making. Application system controls (ASC) refers to
the use of rules and procedures to ensure completeness and accuracy of data.
Data integrity and validity is one of the key objectives of application systems controls audits,
and IS auditors are required to test data integrity and validity using various methods and
tools.
The application systems controls (ASC) audit can also be conducted as an independent audit
to assess controls and security in an application system. An ASC audit gives management a
detailed assessment of IT controls and an assurance that data is secure and protected.
Enterprises deploy application systems to automate business processes, and in many cases,
the IS auditor will find complex application systems which have been designed to accom-
plish high-end business tasks using large volumes of data such as big data. It is important
that these processes are checked regularly in order to ensure that they produce accurate in-
formation for business decision-making. It is also especially important to carry out checks
when changes are being made to the system whether they are one-off or routine changes.
ASC audits are often conducted after IT general controls audits have been completed and a
positive assessment of controls is reported. Where there are material weaknesses, the ASC
audit might be delayed to allow management to address the issues raised by the IS auditors
during the IT general controls audit.
ASC audits are also conducted as independent and specialised audits due to the high com-
plexity of some application systems which are used to capture and process billions of mega-
bytes of data and, in some cases, across large geographical areas.
There are many examples of application software which are used in enterprises ranging from
simple administrative applications to large systems used in production, research, banking,
and airline ticketing systems. In office environments, the IS auditor might find the following
application systems in use:
1. accounting software
2. customer relationship management software
Search WWH ::
Custom Search