Application Controls 1989
-
Hi,
I have to test application controls on the financial systems in my company. I know that there is explaination on how to test the General Control in the Cobit documentation, but I didn’t find anything like this for the appplication controls.
Is there a document that can help me to plan the testing of application controls?
Thanks,
Kate
-
Hi Kate - As some quick ideas, SOX auditors are generally interested in evaluating some of the following within financial applications:
- security and autonomy controls
- change management process
- work flow designs and controls
- documentation, standards, and procedures
etc …
Some of these links might also help
Please paste to browser and add www
(look for articles rather than vendor ads or promotions)
google.com/search?hl=en-and-q=sox testing application controls
Please paste to browser - no www is needed
en.wikipedia.org/wiki/Information_technology_controls
Application Controls
Sections 302 and 404 also impact internal controls, including control points over the functions and logic of the financial applications that feed information into financial reports. A key area of risk being scrutinized by the Big 4 tax and audit firms is the use of uncontrolled spreadsheets affecting regulatory reporting, P-and-L reporting or general ledger entries.
Reducing the risk of errors in critical financial spreadsheets requires a spreadsheet inventory, risk assessment, remediation, and the deployment of a controlled environment that incorporates version control, access control, security and data integrity, change control, input control, documentation, archival and backup, and overall analytics .
-
Thanks a lot,
Kate