Application Controls 1989

  • Hi,
    I have to test application controls on the financial systems in my company. I know that there is explaination on how to test the General Control in the Cobit documentation, but I didn’t find anything like this for the appplication controls.
    Is there a document that can help me to plan the testing of application controls?

  • Hi Kate - As some quick ideas, SOX auditors are generally interested in evaluating some of the following within financial applications:

    • security and autonomy controls
    • change management process
    • work flow designs and controls
    • documentation, standards, and procedures
      etc …
      Some of these links might also help
      Please paste to browser and add www
      (look for articles rather than vendor ads or promotions) testing application controls
      Please paste to browser - no www is needed
      Application Controls
      Sections 302 and 404 also impact internal controls, including control points over the functions and logic of the financial applications that feed information into financial reports. A key area of risk being scrutinized by the Big 4 tax and audit firms is the use of uncontrolled spreadsheets affecting regulatory reporting, P-and-L reporting or general ledger entries.
      Reducing the risk of errors in critical financial spreadsheets requires a spreadsheet inventory, risk assessment, remediation, and the deployment of a controlled environment that incorporates version control, access control, security and data integrity, change control, input control, documentation, archival and backup, and overall analytics .

  • Thanks a lot,

Log in to reply