Course Description
In today’s audit environment, very few business applications are void of IT involvement. In many cases, major operational and process decisions are built into and executed by the “system”. Internal Audit can no longer audit around or make assumptions regarding the functionality and processes within the application. Rather, the auditor must gain assurance of the integrity of the automated components of the application. This course is designed for both the internal and IT auditor as an integrated team. You will learn the associated risks and mitigation approaches, enabling you to perform an audit of an application.
This training session prepares you to perform audits of IT-enabled application systems with the necessary technical background to understand:
- How automated applications operate
- Control risks inherent to their design, depending on the application’s architecture
- Identification of key transactions
- Testing methodologies
You will focus on:
- Planning the Application Audit
- Understanding the Risks in IT Process Models
- The Key Application Processes
- Key Controls
- Audit Testing
You will participate in group exercises and case studies.
Learning Objectives:
- Identify IT risks in an application
- Plan an automated applications review
- Perform an automated applications review
- Understand how to participate in an integrated audit of an application system
Course Outline
Planning the Application Audit
- Understanding the Application
- Documentation
- Risk Assessment
- Effect on financial reporting
- Compliance and Regulatory Requirements
- Materiality
- Other critical processes
- Alignment with business and other risk assessments
- Scope
- Identification of processing boundaries
- Identification of high-risk, or critical transactions and processes
- Alignment with financial and operational audit objectives
- Reliance on General Controls
Structured Walkthroughs
Understanding the Risks in IT Process Models
- Batch
- On-Line Interactive Processing
- Client-Service Processing
- Web-Based Processing
- Proprietary Web
- Cloud-Processing
The Key Application Processes
- Source Data Preparation and Authorization
- Source Data Collection and Entry
- Editing Processes (Accuracy, Completeness and Authenticity)
- Processing (Data integrity, validity, and interfaces)
- Outputs (Reconciliation, error management, privacy)
- Transaction Authentication (access controls, separation of duties)
Key Controls
- Batch Environment
- On-Line Interactive Processing
- Web-Based Processing
Audit Testing
- Testing Techniques
- Parallel Simulation/Re-Performance
- Test Decking
- Integrated Test Facility
- Using User Acceptance Tests
- Assessing Data Availability
- Sampling
- Audit Testing Risks and Solutions
Working in an integrated audit team
Additional Information
Who Should Attend
Internal auditors responsible for the audits of IT-enabled applications and internal control professionals
Learning Level
Basic
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advance Preparation
None
Recommended Prerequisites
Introduction to IT Auditing (AA01) or equivalent training including a general understanding of IT processes, business and accounting applications, and audit process
Session Duration
Online: Four 3-hour sessions
On Site: 2 days
CPE Credits: 16