Application Controls Audit Work Program

Ensuring Effective Application Controls for Secure Information Systems

Our Application Controls Audit Work Program is a detailed guide designed to assist organizations in evaluating the effectiveness of application controls, which are essential for preventing, detecting and correcting errors or fraud within information systems. This tool underscores the significance of regular audits as part of an organization's risk management strategy, ensuring data accuracy, regulatory compliance and operational efficiency. It provides a clear framework for identifying risks, implementing controls and improving processes to secure information systems. This work program includes actionable steps tailored to varying complexities and types of applications, making it a versatile tool that can be customized to meet specific organizational needs.

It features two samples to address different auditing requirements. Sample 1 explores a wide range of applications, including Microsoft Office documents, SQL or in-house developed applications, and out-of-the-box software. It emphasizes key areas such as change control, version control, access control, input control and data security. Considerations like backups, documentation and segregation of duties are also included for higher complexity applications. Sample 2 focuses primarily on access and change controls, detailing procedures to ensure policies are comprehensive and effective. It emphasizes testing environments, tracking changes and enforcing access protocols to support business operations. Together, these samples provide a robust foundation for conducting thorough audits of application controls.

Audit steps include:

  • Obtain a copy of the company’s policy regarding end-user-developed applications and spreadsheets used for financial reporting purposes.
  • Review the applications where they reside on the network and verify that the documents comply with the policies.
  • Verify that the policy appropriately covers how to prevent unauthorized changes.
  • Determine if key functional users have issues or problems regarding application availability, integrity or performance.