Application Controls 1989



  • Hi,
    I have to test application controls on the financial systems in my company. I know that there is explaination on how to test the General Control in the Cobit documentation, but I didn’t find anything like this for the appplication controls.
    Is there a document that can help me to plan the testing of application controls?
    Thanks,
    Kate



  • Hi Kate - As some quick ideas, SOX auditors are generally interested in evaluating some of the following within financial applications:

    • security and autonomy controls
    • change management process
    • work flow designs and controls
    • documentation, standards, and procedures
      etc …
      Some of these links might also help
      Please paste to browser and add www
      (look for articles rather than vendor ads or promotions)
      google.com/search?hl=en-and-q=sox testing application controls
      Please paste to browser - no www is needed
      en.wikipedia.org/wiki/Information_technology_controls
      Application Controls
      Sections 302 and 404 also impact internal controls, including control points over the functions and logic of the financial applications that feed information into financial reports. A key area of risk being scrutinized by the Big 4 tax and audit firms is the use of uncontrolled spreadsheets affecting regulatory reporting, P-and-L reporting or general ledger entries.
      Reducing the risk of errors in critical financial spreadsheets requires a spreadsheet inventory, risk assessment, remediation, and the deployment of a controlled environment that incorporates version control, access control, security and data integrity, change control, input control, documentation, archival and backup, and overall analytics .


  • Thanks a lot,
    Kate


Log in to reply