Application and General Controls apply to all areas of the organization including the information technology infrastructure and support services.
- Internal accounting controls
- Operational controls
- Administrative controls
- Organizational security policies and procedures
- Overall policies for the design and use of adequate documents records
- Procedures and practices to ensure adequate safeguards over access
- Physical security policies for all data centers and IT resources
- Processing accomplishes the designed and correct task
- The processing results meet expectations
- Data is maintained
Our tasks when performing an application control audit include:
- Reviewing all available documentation and interviewing the appropriate personnel
- Identifying the application control strengths and evaluating the impact of weaknesses found in the application controls
- Developing a testing strategy
- Testing the controls to ensure their functionality and effectiveness
- Evaluating test results and other audit evidence to determine if the control objectives were achieved
- Evaluating the application against management’s objectives for the system to ensure efficiency and effectiveness
Information Technology Audit Deliverable
The IT audit documentation provided once the audit is finished includes:
- Planning and preparation of the audit scope and objectives
- Description or walkthroughs on the scoped audit area
- Audit program
- Audit steps performed and audit evidence gathered
- Audit findings, conclusions and recommendations
- Audit documentation relation with document identification and dates
- A copy of the report issued as a result of the audit work
When we communicate the audit results to your organization it will be done at an exit interview where we will have the opportunity to discuss any findings and recommendations.
- The facts presented in the report are correct
- The recommendations are realistic and cost-effective, or alternatives have been negotiated with your organization’s management
- The recommended implementation dates will be agreed to for the recommendations we have in our report.
The presentation will include a high-level executive summary.
Contact us to meet with an information technology auditor.