Selamat datang di Scribd!

Auditing Application Controls: Gtag® 8

Diunggah oleh

0% menganggap dokumen ini bermanfaat (0 suara)

276 tayangan13 halaman

Application controls are cost effective and efficient means to manage risk. IT general controls can lead to concluding application controls are effective year to year without re-testing. Application controls take less time to test and only require testing once as long as the IT general controls are effective www.theiia.org.

Deskripsi Asli:

Judul Asli

Gtag 8 Slides

Hak Cipta

Format Tersedia

PPT, PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

276 tayangan13 halaman

Auditing Application Controls: Gtag® 8

Diunggah oleh

mename1234

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 13

Cari di dalam dokumen

Auditing Application Controls

Global Technology Audit Guide

GTAG 8

www.theiia.org

What this guides covers

Application controls and their benefits The role of internal auditors How to perform a risk assessment Application control review scoping

Application review approaches

Common application controls, suggested tests, and a sample review program

www.theiia.org

Application Controls
Objectives:

Input data is accurate, complete, authorized, and correct Data is processed as intended in an acceptable time period Output and stored data is accurate and complete A record is maintained to track data processing from input to storage to output
www.theiia.org

Application Controls
Cost effective and efficient means to manage risk Reliant on the effectiveness on the IT general control environment Approach varies for complex versus non-complex environments

www.theiia.org

Benefits of Application Controls

Reliability
Reduces likelihood of errors due to manual intervention

Benchmarking
Reliance on IT general controls can lead to concluding the application controls are effective year to year without re-testing

Time and cost savings

Typically application controls take less time to test and only require testing once as long as the IT general controls are effective
www.theiia.org

Role of Internal Auditors

Knowledge of key IT risks, controls and audit techniques Consultant or assurance
Independent risk assessment Design of controls Education Controls testing

www.theiia.org

Risk Assessment
Assess Risk Techniques Key scope questions Approach Define the universe Define the risks Weigh the risk factors Rank the risks Create a review plan based on the results
www.theiia.org

Scoping the Review

Business Process Method
Top down review

Single Application Method

Focus on a single application or module

Access Controls
Included no matter which method is chosen
www.theiia.org

Review Approaches
Planning Need for specialized resources Documentation Testing Computer-assisted audit techniques (CAATs)

www.theiia.org

Common Application Controls

Input and access controls
Data checks and validations Automated authorization, approval, and override Automated SOD Pended items

File and data transmission controls

www.theiia.org

Common Application Controls

Processing controls
Automated file identification and validation Automated functionality and calculations Audit trails and overrides Data extraction, filtering, and reporting Interface balancing Automated functionality and aging Duplicate checks

(Cont.)

Output controls
General ledger and sub-ledger posting Update authorization
www.theiia.org

Sample Detailed Review Program

Suggested tests
Test input controls to ensure transactions are added into and accepted by the application, processed only once and have no duplicated Test processing controls to ensure transactions are accepted by the application, processed with valid logic, carried through all phases of processing and updated to the correct data files
The sample included in Appendix B of the guide provides other detailed tests
www.theiia.org

In Closing
Application controls are a cost effective and efficient means to manage risk. Internal auditors should determine that their organizations application controls are designed appropriately and operating effectively. Consider benchmarking as a way to further reduce the testing effort
www.theiia.org

Anda mungkin juga menyukai

Information Systems Audit A Complete Guide - 2020 Edition
Dari Everand
Information Systems Audit A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
COBIT 5 For Risk Laminate Res Eng 0913
Dokumen8 halaman
COBIT 5 For Risk Laminate Res Eng 0913
dandisdandis
Belum ada peringkat
Chandra - Auditing Cloud Computing
Dokumen17 halaman
Chandra - Auditing Cloud Computing
wawan_good
Belum ada peringkat
Onetrust DR Migration
Dokumen23 halaman
Onetrust DR Migration
Sujani Koya
Belum ada peringkat
COBIT Overview for IT Processes and Controls
Dokumen19 halaman
COBIT Overview for IT Processes and Controls
Ashraf Abdel Hamid
Belum ada peringkat
How To Derive An IT Audit Universe
Dokumen4 halaman
How To Derive An IT Audit Universe
kolocokro
Belum ada peringkat
Auditing OS and Database Controls
Dokumen3 halaman
Auditing OS and Database Controls
sanoburmahmood
100% (1)
1 - Risk Starter Kit Introduction and Getting Started
Dokumen6 halaman
1 - Risk Starter Kit Introduction and Getting Started
Suleyman S. Gulcan
Belum ada peringkat
Regulatory Compliance Using Identity Management
Dokumen16 halaman
Regulatory Compliance Using Identity Management
Estatica360
Belum ada peringkat
CRISC Certification Training
Dokumen5 halaman
CRISC Certification Training
mankrish6314
Belum ada peringkat
IT Control Objectives For Sarbanes-Oxley
Dokumen12 halaman
IT Control Objectives For Sarbanes-Oxley
Diego Vergara
Belum ada peringkat
Google Cloud Platform GCP Audit Program
Dokumen31 halaman
Google Cloud Platform GCP Audit Program
john
Belum ada peringkat
Oracle Security & Controls - Embedding Controls To Reduce Risk - Single
Dokumen6 halaman
Oracle Security & Controls - Embedding Controls To Reduce Risk - Single
apchaube
Belum ada peringkat
Sarbanes-Oxley (SOX) Project Approach Memo
Dokumen8 halaman
Sarbanes-Oxley (SOX) Project Approach Memo
Manna Mahadi
Belum ada peringkat
Google Cloud Platfor
Dokumen6 halaman
Google Cloud Platfor
john
Belum ada peringkat
ICOFR Standards
Dokumen134 halaman
ICOFR Standards
MehdiBelouize
Belum ada peringkat
SOX Overview
Dokumen29 halaman
SOX Overview
narasi64
100% (2)
IT Auditing Workshop
Dokumen2 halaman
IT Auditing Workshop
Oluwaseun Matthew
Belum ada peringkat
Security Audit
Dokumen31 halaman
Security Audit
Tarang Shah
100% (2)
IRCA Technical Review Briefing Note ISO 27001 PDF
Dokumen16 halaman
IRCA Technical Review Briefing Note ISO 27001 PDF
tsteh
Belum ada peringkat
Chapter 3 Software Testing and Quality Assurance Review
Dokumen9 halaman
Chapter 3 Software Testing and Quality Assurance Review
JoeFSabater
Belum ada peringkat
KnowYourBroadband AIRTEL
Dokumen15 halaman
KnowYourBroadband AIRTEL
Rohit Agarwal
Belum ada peringkat
Chapter 8 SDLC
Dokumen14 halaman
Chapter 8 SDLC
Richard Ngalu Yalakwanso
Belum ada peringkat
COBIT - A Key To Success As An IT Auditor
Dokumen3 halaman
COBIT - A Key To Success As An IT Auditor
kamuturi
Belum ada peringkat
CSX-F Cyber Security Fundamentals Exam Questions & Answers
Dokumen4 halaman
CSX-F Cyber Security Fundamentals Exam Questions & Answers
Lorenzo Ferrarese
Belum ada peringkat
Isaca: The Recognized Global Leader in IT Governance, Control, Security and Assurance
Dokumen83 halaman
Isaca: The Recognized Global Leader in IT Governance, Control, Security and Assurance
Sunil Kumar Ch
Belum ada peringkat
Segregration of Duties
Dokumen30 halaman
Segregration of Duties
afzallodhi736
Belum ada peringkat
IT General Controls
Dokumen6 halaman
IT General Controls
Patrick mdagano
Belum ada peringkat
General Data Protection Regulation Audit Checklist
Dokumen10 halaman
General Data Protection Regulation Audit Checklist
Dhruv Khurana
Belum ada peringkat
CISA Study Notes - 27th August 2022
Dokumen3 halaman
CISA Study Notes - 27th August 2022
Chitij Chauhan
Belum ada peringkat
SCF Privacy Management Principles
Dokumen7 halaman
SCF Privacy Management Principles
Bill Vseh
Belum ada peringkat
IT Audit - Framework
Dokumen20 halaman
IT Audit - Framework
Abi Syukri
Belum ada peringkat
CISA Exam 100 Practice Question
Dokumen22 halaman
CISA Exam 100 Practice Question
harsh
100% (1)
Iso 27004 - 2016
Dokumen11 halaman
Iso 27004 - 2016
R
Belum ada peringkat
CSX Fundamentals Brochure With Pricing Bro Eng 0816
Dokumen2 halaman
CSX Fundamentals Brochure With Pricing Bro Eng 0816
DiyanWahyuPradana
Belum ada peringkat
What Is A Key Risk Indicator (KRI) and Why Is It Important
Dokumen4 halaman
What Is A Key Risk Indicator (KRI) and Why Is It Important
Javeed A. Khan
Belum ada peringkat
Audit Program WAPVOIP
Dokumen45 halaman
Audit Program WAPVOIP
Poncho Lopez
Belum ada peringkat
Orlando Governance Risk and Compliance 7-1-2020
Dokumen7 halaman
Orlando Governance Risk and Compliance 7-1-2020
ibmkamal-1
100% (1)
308 Information System Audit PDF
Dokumen3 halaman
308 Information System Audit PDF
yn sagala
0% (1)
Cism Glossary Mis Eng 0815
Dokumen15 halaman
Cism Glossary Mis Eng 0815
Renan Huguenin
Belum ada peringkat
SEARCHITSecurity Assessment Tool
Dokumen84 halaman
SEARCHITSecurity Assessment Tool
tsegay.cs
Belum ada peringkat
Oracle GL R12 GL Control Matrix Final - Comments - v1
Dokumen19 halaman
Oracle GL R12 GL Control Matrix Final - Comments - v1
allextrastodo
Belum ada peringkat
DCSS en
Dokumen36 halaman
DCSS en
ashvar9
Belum ada peringkat
7 Tiers of Disaster Recovery Solutions Explained
Dokumen3 halaman
7 Tiers of Disaster Recovery Solutions Explained
Aamir Malik
Belum ada peringkat
Access To Programs and Data Audit Work Program
Dokumen2 halaman
Access To Programs and Data Audit Work Program
Vic Villano
Belum ada peringkat
Gartner Security and Risk MGMNT Summit 2013
Dokumen44 halaman
Gartner Security and Risk MGMNT Summit 2013
armvherisec
Belum ada peringkat
Transforming Enterprise IT: Speaker Name/Title Date
Dokumen17 halaman
Transforming Enterprise IT: Speaker Name/Title Date
bentojago
Belum ada peringkat
Application Sys. Review
Dokumen4 halaman
Application Sys. Review
adiltsa
Belum ada peringkat
ASI - IT Risk and Controls
Dokumen19 halaman
ASI - IT Risk and Controls
Arthia Ruth
Belum ada peringkat
InfoSystemsAuditChecklist (Version 1)
Dokumen44 halaman
InfoSystemsAuditChecklist (Version 1)
Merrick Martin
100% (1)
Cyber Ethics
Dokumen16 halaman
Cyber Ethics
navinnaithani
100% (2)
COSO Framework BANK
Dokumen15 halaman
COSO Framework BANK
Fahmi Nur Alfiyan
Belum ada peringkat
Application of CISM PDF
Dokumen10 halaman
Application of CISM PDF
edwardscpe
Belum ada peringkat
ITSM Gap Analysis For XYZ PDF
Dokumen21 halaman
ITSM Gap Analysis For XYZ PDF
Sourabh Mishra
Belum ada peringkat
Governance Risk Compliance
Dokumen6 halaman
Governance Risk Compliance
Charles Santos
Belum ada peringkat
Recovering From An Event ID 1034 On A Server Cluster
Dokumen5 halaman
Recovering From An Event ID 1034 On A Server Cluster
yoursbala
Belum ada peringkat
ISO-IEC 27001 Self Assessment Form
Dokumen3 halaman
ISO-IEC 27001 Self Assessment Form
Alea Consulting
100% (1)
Sun Microsystems Leverages COBIT Framework
Dokumen11 halaman
Sun Microsystems Leverages COBIT Framework
Adil Abdelgani
Belum ada peringkat
Information technology audit The Ultimate Step-By-Step Guide
Dari Everand
Information technology audit The Ultimate Step-By-Step Guide
Gerardus Blokdyk
Belum ada peringkat
Continuous Auditing A Complete Guide - 2020 Edition
Dari Everand
Continuous Auditing A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
On Student Support System: Roject Eport
Dokumen20 halaman
On Student Support System: Roject Eport
arun
Belum ada peringkat
Connect to Ericsson RBS node and view inventory
Dokumen19 halaman
Connect to Ericsson RBS node and view inventory
Manuel Rivas
Belum ada peringkat
12: Data Management: Practical Primer Using Epidata. The Epidata Documentation Project. Available
Dokumen3 halaman
12: Data Management: Practical Primer Using Epidata. The Epidata Documentation Project. Available
prsiva2420034066
100% (1)
D C S & E CSP 249 Dbms Lab Manual: Epartment of Omputer Cience Ngineering
Dokumen12 halaman
D C S & E CSP 249 Dbms Lab Manual: Epartment of Omputer Cience Ngineering
Lokesh Yadav
Belum ada peringkat
Classification & Labeling Taxonomy in Contoso: Information Protection
Dokumen4 halaman
Classification & Labeling Taxonomy in Contoso: Information Protection
Gris Garcia De Mora
Belum ada peringkat
Temporary License Keys for SAP Business Objects Products Valid Until September 15, 2011
Dokumen5 halaman
Temporary License Keys for SAP Business Objects Products Valid Until September 15, 2011
amanblr12
Belum ada peringkat
Business Intelligence Value Proposition
Dokumen14 halaman
Business Intelligence Value Proposition
Max Roberts
Belum ada peringkat
MSTeams Diagnostics Log 17 - 8 - 2023 - 20 - 21 - 02 - Experience - Renderer
Dokumen24 halaman
MSTeams Diagnostics Log 17 - 8 - 2023 - 20 - 21 - 02 - Experience - Renderer
ROBERTO CARLOS MONTESINOS TRUJILLO
Belum ada peringkat
Oracle® Fusion Middleware: 2 Day Administration Guide 11g Release 1 (11.1.1)
Dokumen114 halaman
Oracle® Fusion Middleware: 2 Day Administration Guide 11g Release 1 (11.1.1)
varma98
Belum ada peringkat
Malware Analysis
Dokumen5 halaman
Malware Analysis
Ravi Kumar
Belum ada peringkat
ACI - VPC in ACI
Dokumen12 halaman
ACI - VPC in ACI
Avneet Singh
Belum ada peringkat
Smo Proposal (Fip)
Dokumen14 halaman
Smo Proposal (Fip)
plantillas carta
Belum ada peringkat
IT Leaders List
Dokumen2 halaman
IT Leaders List
Aarti Iyer
Belum ada peringkat
Project Functional Specs
Dokumen11 halaman
Project Functional Specs
xogen
100% (1)
Sap Poster
Dokumen1 halaman
Sap Poster
api-280072671
Belum ada peringkat
What Is New in SAP BW 7.3
Dokumen111 halaman
What Is New in SAP BW 7.3
Piyush Gahlot
Belum ada peringkat
Social Media Concerns
Dokumen2 halaman
Social Media Concerns
usgsa
Belum ada peringkat
Module 1 Living in The IT Era
Dokumen7 halaman
Module 1 Living in The IT Era
kvelez
100% (2)
Control Centre Overview Gyanendra Sharma NPTI Delhi
Dokumen39 halaman
Control Centre Overview Gyanendra Sharma NPTI Delhi
NPTI
Belum ada peringkat
CBAP Ques MCQ
Dokumen10 halaman
CBAP Ques MCQ
my n
Belum ada peringkat
Priyadarshini College of Engineering, Nagpur
Dokumen2 halaman
Priyadarshini College of Engineering, Nagpur
Poras Chahande
Belum ada peringkat
Weed Them Out! - Six Criteria For Software Vendor Selection
Dokumen5 halaman
Weed Them Out! - Six Criteria For Software Vendor Selection
prerna93
Belum ada peringkat
How To Program The Z80 Serial I/O (SIO) and CTC Document Version 2.1
Dokumen19 halaman
How To Program The Z80 Serial I/O (SIO) and CTC Document Version 2.1
salvaes
Belum ada peringkat
Avaya 41650
Dokumen18 halaman
Avaya 41650
TT
Belum ada peringkat
CSCU v2 Version Change Document
Dokumen20 halaman
CSCU v2 Version Change Document
Thithe
0% (2)
Oracle Performance Tuning
Dokumen55 halaman
Oracle Performance Tuning
PavanKumar
Belum ada peringkat
Arcgis For Mobile PDF
Dokumen8 halaman
Arcgis For Mobile PDF
Anbu Mujahidin
Belum ada peringkat
Sightline 9.3 Release Notes 2020-07-31
Dokumen40 halaman
Sightline 9.3 Release Notes 2020-07-31
kikecf
Belum ada peringkat
DBT MCQs # 1
Dokumen29 halaman
DBT MCQs # 1
Suyog Jadhav
Belum ada peringkat
Dunham - Data Mining PDF
Dokumen156 halaman
Dunham - Data Mining PDF
dig
Belum ada peringkat