Application Controls: Definition, Objectives, Types, and Benefits, Slides of Business Management and Analysis

An overview of application controls, their objectives, types, preventive, detective, and corrective controls, benefits, and risk assessment approach. Application controls are specific to individual processes or application systems, ensuring data accuracy, completeness, and authorization. They include input, processing, output, and management trial controls.

Typology: Slides

2011/2012

Uploaded on 12/20/2012

devashish

Application Controls

Defining Application Controls

• Application controls are those controls that pertain to the scope of individual processes or application systems

• They include data edits, separation of business functions, balancing of processing totals, transaction logging, and error reporting

Application Controls vs. General Controls

  • Application controls are those controls that pertain to the scope of individual processes or application systems (specific to a given application)
  • General controls are controls that apply to all systems components, processes, and data present in an organization or systems environment

Types of Application Controls

  • Input Controls - check the integrity of data entered into a business application
  • Processing Controls - ensure processing is complete, accurate, and authorized
  • Output Controls - compare output results with expected results by checking the output against the input
  • Management Trial (Audit Trail) Controls - monitor the effectiveness of other controls and identify errors as close as possible to their sources

Benefits of Relying on Application Controls

  • Reliability
  • Once an application control is established, and there is little change to the application, database, or supporting technology, the organization can rely on the application control until a change occurs.
  • An application control will continue to operate more effectively if the general controls that have a direct impact on its programmatic nature are operating effectively as well. As a result, the auditor will be able to test the control once and not multiple times during the testing period.

Benefits of Relying on Application Controls

  • Benchmarking
  • If general controls that are used to monitor program changes, access to programs, and computer operations are effective and continue to be tested on a regular basis, the auditor can conclude that the application control is effective without having to repeat the previous year’s control test.
  • Auditor should evaluate the appropriate use of benchmarking or an automated control by considering how frequently the application changes. (If application changes frequently, auditor should not rely on benchmarking)

Risk Assessment

  • Use top-down approach
  • Determine applications and controls to be reviewed
  • Determine appropriate tests to be performed

Mapping:

Financial Statement Accounts/Assertions

Business Processes/Units

Risk Identification and Analysis

Risk Assessment Approach

  • Identify applications, databases, and supporting technology that use application controls
  • Define the risk factors associated with each application control
  • Weigh all risks to determine rankings by importance
  • Evaluate risk assessment results
  • Create review plan based on the risk assessment and ranked risk areas

Scoping of Application Controls

• Business Process Method

  • Top-down review approach used to evaluate the application controls present in all the systems that support a particular business process.

• Single Application Method

  • Used to review the application controls within a single application

Business Process Method

Planning

  • Detailed Review Program
  • Meeting with Management
    • Management’s concerns regarding risks
    • Previously reported issues
    • Internal auditing’s risk and control assessment
    • A summary of the review’s methodology
    • The review’s scope
    • How concerns will be communicated
    • Which managers will be working on the review team
    • Any preliminary information needed
    • The length of the review

Testing Application Controls

  • Are application controls working?
  • Substantive testing
  • Information technology general controls review
  • Ways to test:
    • Inspection of system configurations
    • Inspection or re-performance of reconciliations with supporting details
    • Re-Performance of the control activity using system data
    • Inspection of user access listings
    • Re-Performance of the control activity in a test environment

Process Narrative-Documentation

  • 1) Procurement
    • a) Requisitioning
      • i) When employees need to buy goods or services, they will create a purchase requisition in the procurement application (Control C1). Once the requisition has been created, the buyer will review the purchase requisition for appropriateness, completeness, and accuracy. Components of the purchase requisition that are reviewed include, but are not limited to, the vendor, item, quantity, and account coding. If the review does not reveal any errors, the buyer will approve the purchase requisition. If the buyer rejects the purchase requisition for any reason, the requisitioner will be notified. Finally, if issues with the original requisition are resolved as required, the buyer will approve the requisition.
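The "Types of Application Controls" and "Testing Application Controls" slides, applied to the requisitioning narrative above: an added example (not part of the original slides) that re-performs the input, processing, and output controls on system data and keeps an audit trail of the results. The batch header, requisition records, master data sets, and the list of posted ids are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data (not from the slides): a batch header declared at
# entry, the requisitions in the batch, and the ids the application posted.
HEADER = {"count": 4, "total": Decimal("1830.00")}
REQS = [
    dict(id="R1", vendor="V100", qty=10, unit="25.00", account="6100", by="amy", approver="bob"),
    dict(id="R2", vendor="V200", qty=4, unit="120.00", account="6200", by="carl", approver="bob"),
    dict(id="R3", vendor="V999", qty=1, unit="1000.00", account="6100", by="dina", approver="bob"),
    dict(id="R4", vendor="V100", qty=2, unit="50.00", account="6100", by="eve", approver="eve"),
]
SYSTEM_POSTED = {"R1", "R2", "R4"}
VENDORS, ACCOUNTS = {"V100", "V200"}, {"6100", "6200"}  # assumed master data


def input_edits(r):
    """Input control: data edits on the fields the buyer reviews."""
    errs = []
    if r["vendor"] not in VENDORS:
        errs.append("unknown vendor")
    if not isinstance(r["qty"], int) or r["qty"] <= 0:
        errs.append("quantity out of range")
    if r["account"] not in ACCOUNTS:
        errs.append("invalid account coding")
    if r["approver"] == r["by"]:  # separation of business functions
        errs.append("self-approved")
    return errs


def reperform(header, reqs, posted):
    """Re-perform the controls on system data and report exceptions."""
    amount = lambda r: r["qty"] * Decimal(r["unit"])
    trail = [(r["id"], input_edits(r)) for r in reqs]  # audit trail of edit results
    expected = {rid for rid, errs in trail if not errs}
    total_in = sum((amount(r) for r in reqs), Decimal("0"))
    return {
        # Processing control: record count and control total match the header.
        "batch_balanced": len(reqs) == header["count"] and total_in == header["total"],
        # Output control: what was posted versus what should have been posted.
        "posted_in_error": sorted(posted - expected),
        "not_posted": sorted(expected - posted),
        "posted_total": sum((amount(r) for r in reqs if r["id"] in posted), Decimal("0")),
        "audit_trail": trail,
    }


if __name__ == "__main__":
    print(reperform(HEADER, REQS, SYSTEM_POSTED))
```

The batch balances to its header, yet the re-performance flags R4 as posted in error: a balanced control total alone does not show that the input edits operated.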

Risk and Control Matrix

What to include in a matrix:

  • Identified risks
  • Control Objectives
  • Control Attributes such as control type and frequency
  • Testing Information