Auditing Business Application Systems Agenda

Seminar: ID# 1003294

Agenda

1. Introduction To Business Application Systems

• Types Of Automated Business Applications
• Objectives Of An Application Audit
• Types Of Applications Audits
• System Environmental Considerations
• Application Control Ownership
• Integrated Auditing
• Data Vs. Information

2. Business Application Transactions

• What Is A Transaction?
• Transaction-Based Application Auditing
• Transaction Life Cycle
• Application Risk Assessment Factors
• Establishing Audit Priorities

3. Top-Down Risk-Based Planning

• Planning The Application Audit
• Top-Down, Risk-Based Planning
• Defining The Business Environment
• Determining The Application's Technical Environment
• Performing A Business Information Risk Assessment
• Identifying Key Transactions
• Developing A Key Transaction Process Flow
• Evaluating And Testing Application Controls

4. Data Input And Processing Models

• Comparing Pros/Cons Of Input And Processing Models
• Batch Input/Batch Processing
• On-Line Input/Batch Processing
• On-Line Input/On-Line Processing
• Real
• Time Input/Real-Time Processing

5. Application Controls

• Business Applications
• Information Objectives
• COSO: Application Controls
• Business Application Auditing
• Application Transaction Life Cycle
• Transaction Origination
• Logical Security
• Completeness And Accuracy Of Input
• Completeness And Accuracy Of Processing
• Completeness And Accuracy Of Output
• Output Retention And Disposal
• Data File Controls
• User Review, Balancing, Reconciliation
• End
• User Documentation
• Training
• Segregation Of Duties
• Business Continuity Planning
• Sarbanes
• Oxley Application Control Requirements

6. IT General Control Objectives And Risks

• IT General Controls Overview
• Relationship Between IT General Controls And Application Controls
• COBIT™ And ISO 27002
• Physical Security
• Environmental Exposures
• Logical Security
• Encryption
• Systems Development
• Production Change Management
• Disaster Recovery And Business Continuity Planning
• Sarbanes
• Oxley IT General Control Requirements

7. Testing Application Controls

• Testing Automated And Manual Controls
• Testing Alternatives
• Testing Sample Size
• Sampling Terminology
• Negative Assurance Testing
• Types Of Audit Evidence
• Functional/Substantive Testing
• Computer Assisted Audit Techniques (Caats)
• Data Analysis: Planning And Data Verification
• Sarbanes
• Oxley: Testing Requirements And Examples

8. Documenting Application Controls

• Evaluating And Documenting Internal Controls
• Internal Control Questionnaires
• Narratives
• Flowcharts / Process Flows
• Control Matrix

9. End-User Computing

• Growth Of End User Computing
• End User Computing Risks
• General IT Control Risks
• Change Control Risks
• Purchased Applications Risks
• Spreadsheets: Typical Errors
• Spreadsheet Risk Factors
• Practical Steps For Evaluating Spreadsheet Controls

10. Auditing System Development Projects

• Business Risks
• Audit's Primary Goals
• Costs To Correct Errors During System Development
• Traditional System Development Life Cycle
• Rapid Application Development
• Internal Audit Involvement
• Advantages And Challenges
• Qualifications Of Audit Personnel
• Requirements Of Audit Involvement
• Internal Audit Objectives
• Assess Project And Product Risks
• Assess User Involvement

11. Executing Application Audits

• Internal Audit Process
• Objectives Of An Application Audit
• Application Audit Planning
• Application Risk Assessment
• Determining The Audit Scope
• Obtaining Planning Information
• The Planning Memo
• Audit Programs
• Auditing Application Controls
• Testing Application Controls
• Audit Workpapers
• Audit Report
• Integrated Auditing