Application Control - Resource Management - Lecture Notes, Study notes of Human Resource Management

Application Control, Defining Application Controls, Objectives of Application Controls, Application Controls, General Controls, Risk Assessment, Assess Risk, Risk Assessment Approach, Benefits of Relying on Application, Time and Cost Savings are some important points from lecture handout of Resource Management.

Typology: Study notes

2011/2012

Uploaded on 12/20/2012

devashish

Application Control

I. Introduction

  • Defining Application Controls
    • Application controls are those controls that pertain to the scope of individual business processes or application systems, including data edits, separation of business functions, balancing of processing totals, transaction logging, and error reporting.
  • Objectives of Application Controls
    • Input data is accurate, complete, authorized, and correct
    • Data is processed in an acceptable time period
    • Data stored is accurate and complete
    • Outputs are accurate and complete
    • A record is maintained to track the process of data from input to storage and to the eventual output
  • Application Controls versus General Controls
    • Application controls are those controls that pertain to the scope of individual business processes or application systems (specific to a given application). Examples:
      • Determining whether sales orders are processed within the parameters of customers' credit limits
      • Making sure goods and services are only procured with an approved purchase order
      • Monitoring for segregation of duties based on defined job responsibilities
    • General controls are controls that apply to all systems components, processes, and data present in an organization or systems environment. Examples:
      • Logical access controls over infrastructure, applications, and data
      • System and data backup and recovery controls
      • Computer operation controls

II. Risk Assessment

Assess Risk

  • When assessing risk, the auditor should use a top-down risk assessment to determine which applications to include as part of the control review and what tests are to be performed

Application Control: Risk Assessment Approach

  • Define the universe of applications, databases, and supporting technology that use application controls
  • Define the risk factors associated with each application control:
    • Primary application controls
    • Pre-packaged or developed applications
    • The design effectiveness of application controls
    • Whether the application control supports more than one critical business process
    • Frequency and complexity of changes to applications
    • Financial impact of the application controls
    • The controls’ audit history
  • Weigh all risks to determine which risks need to be weighted more heavily than others
    • Qualitative rankings – High, Medium, Low
    • Quantitative rankings – Numerical Scale
  • Evaluate risk assessment results
  • Create risk review plan that is based on the risk assessment and ranked risk areas

III. Controls

Benefits of Relying on Application

Reliability

  • Once an application control is established, and there is little change to the application, database, or supporting technology, the organization can rely on the application control until a change occurs.

- Top-down review approach used to evaluate application controls in all systems that support a particular business process

Single Application Method

  • Approach used to review the application controls within a single application

Application Review Approaches and Other Considerations

  • Planning of Application Controls
    • After risk assessment and scope determination, the auditor needs to develop and communicate a detailed review plan
  • Need for Specialized Audit Resources
    • Identify if an IT auditor will be needed
  • Testing Application Controls
    • The auditor should assess whether application controls are working or whether they are being circumvented by creative users or management override
    • Substantive testing of the efficacy of controls is needed rather than a review of control settings
    • The auditor may test application controls using several methods, depending on the type of application control. These include:
      • Inspection of system configurations
      • Inspection of user acceptance testing
      • Edit checks for key fields
      • Re-performance of the control activity using system data
      • Inspection of user access listings
      • Re-performance of the control activity in a test environment
  • Documentation Techniques for Application Controls
    • Flowcharts
    • Process Narratives
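
Re-performance of the control activity using system data, applied to the three application-control examples these notes give (credit limits, approved purchase orders, segregation of duties). This is an added example, not part of the original notes; the record layouts, identifiers and sample values are constructed assumptions.

```python
"""Re-perform three application controls over an extract of system data."""

# Constructed sample extract (hypothetical layouts and values).
CREDIT_LIMITS = {"C001": 10000, "C002": 5000}
SALES_ORDERS = [  # (order_id, customer, amount, decision recorded by the system)
    ("SO-1", "C001", 6000, "ACCEPTED"),
    ("SO-2", "C001", 5000, "ACCEPTED"),  # takes C001 to 11000, over its limit
    ("SO-3", "C002", 5000, "ACCEPTED"),
    ("SO-4", "C002", 100, "REJECTED"),
]
PURCHASE_ORDERS = {  # po_id -> (created_by, approved_by or None)
    "PO-1": ("alice", "bob"),
    "PO-2": ("carol", "carol"),  # creator approved their own order
    "PO-3": ("dave", None),      # never approved
}
GOODS_RECEIPTS = [("GR-1", "PO-1"), ("GR-2", "PO-3"),
                  ("GR-3", "PO-9"), ("GR-4", "PO-2")]


def reperform_credit_limit(orders, limits):
    """Recompute each accept/reject decision; return (id, recorded, expected)
    for every order where the system's decision differs from the auditor's."""
    exposure, exceptions = {}, []
    for order_id, customer, amount, recorded in orders:
        used = exposure.get(customer, 0)
        expected = "ACCEPTED" if used + amount <= limits[customer] else "REJECTED"
        if recorded != expected:
            exceptions.append((order_id, recorded, expected))
        if recorded == "ACCEPTED":  # exposure follows what the system actually did
            exposure[customer] = used + amount
    return exceptions


def receipts_without_approved_po(receipts, pos):
    """Goods receipts whose purchase order is missing or was never approved."""
    return [gr for gr, po in receipts if pos.get(po, (None, None))[1] is None]


def segregation_of_duties_conflicts(pos):
    """Purchase orders created and approved by the same user."""
    return sorted(po for po, (creator, approver) in pos.items()
                  if approver is not None and creator == approver)


if __name__ == "__main__":
    print("Credit limit:", reperform_credit_limit(SALES_ORDERS, CREDIT_LIMITS))
    print("No approved PO:", receipts_without_approved_po(GOODS_RECEIPTS, PURCHASE_ORDERS))
    print("SoD conflicts:", segregation_of_duties_conflicts(PURCHASE_ORDERS))
```

Each exception is a lead for follow-up rather than a conclusion: an accepted over-limit order may reflect a documented management override, which is the circumvention question the testing step asks the auditor to answer.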