Application and General Controls apply to all areas of the organization including the information technology infrastructure and support services.

Internal accounting controls
Operational controls
Administrative controls
Organizational security policies and procedures
Overall policies for the design and use of adequate documents records
Procedures and practices to ensure adequate safeguards over access
Physical security policies for all data centers and IT resources
Processing accomplishes the designed and correct task
The processing results meet expectations
Data is maintained

Our tasks when performing an application control audit include:

Reviewing all available documentation and interviewing the appropriate personnel
Identifying the application control strengths and evaluating the impact of weaknesses found in the application controls
Developing a testing strategy
Testing the controls to ensure their functionality and effectiveness
Evaluating test results and other audit evidence to determine if the control objectives were achieved
Evaluating the application against management’s objectives for the system to ensure efficiency and effectiveness

Information Technology Audit Deliverable

The IT audit documentation provided once the audit is finished includes:

Planning and preparation of the audit scope and objectives
Description or walkthroughs on the scoped audit area
Audit program
Audit steps performed and audit evidence gathered
Audit findings, conclusions and recommendations
Audit documentation relation with document identification and dates
A copy of the report issued as a result of the audit work

When we communicate the audit results to your organization it will be done at an exit interview where we will have the opportunity to discuss any findings and recommendations.

The facts presented in the report are correct
The recommendations are realistic and cost-effective, or alternatives have been negotiated with your organization’s management
The recommended implementation dates will be agreed to for the recommendations we have in our report.

The presentation will include a high-level executive summary.