Discription

Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. Given the importance of business applications, risk-based internal audit plans should include engagements that evaluate standardized and system-specific controls over relevant risks. This GTAG helps auditors plan and perform such engagements. This practice guide helps internal auditors: Gain a working knowledge of the systems development life cycle, service delivery, and information security processes relevant to business applications. Plan engagements to assess business applications by describing relevant risks and opportunities. Understand key risks and controls that may be present during the planning, development, support, and security of business applications. Become familiar with relevant guidance from three widely used control frameworks.