The Institute of Internal Auditors has published a new guide to aid internal auditors in auditing business applications. It says the new guide will help internal auditors provide assurance and consulting services related to business applications. The practice guide also describes how to identify and assess the risks and standardized and system-specific controls relevant to business applications.
This practice guide, issued by the IIA’s Standards and Professional Knowledge department helps internal auditors:
- Gain a working knowledge of the systems development life cycle, service delivery, and information security processes relevant to business applications.
- Understand key risks and controls that may be present during the planning, development, support, and security of business applications.
- Plan engagements to provide assurance and consulting services related to business applications based on relevant risks and opportunities.
- Become familiar with relevant guidance from three widely used control frameworks.
“Because applications are essential enablers of business processes, a risk-based audit plan should include audit engagements that evaluate standardized and system-specific controls to ensure significant risks are covered,” the IIA said in a statement.
IIA members can download the new guide here, while nonmembers may purchase the paper in the IIA’s Bookstore.