3. asset management software
4. payroll software
5. human resource software
6. enterprise resource planning software.
In this chapter, as in chapter 10, we will focus on one key audit activity: evidence-gathering.
We will look at how to collect evidence and what type of evidence is relevant to an ASC audit.
I have observed that many IS auditors do not pay much attention to evidence-gathering, such
that when it comes to analysis of information collected, they find difficulties in reporting
findings and conclusions which are well supported by evidence.
In order to make it easy to review various types of evidence which can be collected during
an ASC audit, we will use a question-and-answer format. In this chapter, I have included
six sections which we will use to review application controls. I have added two additional
sections which you would not normally find when reviewing application controls but are
necessary in order to have a complete review of application controls. I have included
database controls because databases are normally firmly integrated with application systems
and a review of database controls is therefore essential. The second inclusion is application
systems integration controls. In most IT infrastructure, the IS auditor will find application
systems which produce output which is automatically used by other systems as input. In
other systems, the input is done manually but with less efficiency. Integration and
interoperability between applications is a common feature in modern application systems, and it is
important that IS auditors review controls around system integration.
It is easy to use a questionnaire to collect evidence during an application systems audit. An
IS auditor can use questionnaires when interviewing management, or with other suitable
methods such as observation or system interrogation. Preparing a set of questions in
advance is good practice, as it enables the IS auditor to cover all the necessary areas during
an interview.
It is also a good idea to arrange interviews with appropriate members of management who
can provide authoritative information. Questions relating to application system governance
are best dealt with by senior management or system owners. Senior management should
have a good idea of what is expected and how application system governance is
implemented in the enterprise. Application system operations issues are best handled by
IT management or system owners.
Application Information Systems Governance
 