Auditing Business Applications Systems - ITG212WEB

Auditing Business Applications Systems ITG212WEB

Auditing Business Applications Systems - ITG212WEB

Upcoming Dates & Locations

Oct 20th, 2021

Auditing Business Applications Systems - ITG212WEB


This webinar covers the technical and operational information necessary to audit automated business applications. Students focus on a top-down, risk-based approach to auditing application system transactions, and review techniques that can be applied to all types of applications.

Who Should Attend

Financial, operational, business applications, IT and external auditors, quality assurance personnel; audit managers and directors; and systems analysts.


  • None

What You’ll Learn

You will learn how to prioritize an audit to focus on the highest risk areas, ways to assess key controls, and documentation procedures. Also, completeness and accuracy of input, processing and output, transaction authorizations, and reconciliations.


1. Introduction to Business Application Systems:

  • types of automated business applications
  • objectives of an application audit
  • application control ownership

2. Business Application Transactions:

  • what is a transaction?
  • transaction-based application auditing
  • transaction life cycle

3. Top-Down, Risk-Based Planning:

  • planning the application audit
  • top-down, risk-based planning
  • defining the business environment
  • determining the application’s technical environment
  • performing a business information risk assessment
  • identifying key transactions
  • developing a key transaction process flow
  • evaluating and testing application controls

4. Application Controls:

  • COSO: application control objectives
  • application transaction life cycle
  • transaction origination
  • completeness and accuracy of input
  • completeness and accuracy of processing
  • completeness and accuracy of output
  • output retention and disposal
  • end-user computing

5. Testing Application Controls:

  • testing automated and manual controls
  • testing alternatives
  • testing sample size
  • sampling terminology
  • computer-assisted audit techniques (CAATs)
  • data analysis: planning and data verification

6. Documenting Application Controls:

  • evaluating and documenting internal controls
  • internal control questionnaires
  • narratives
  • flowcharts/process flows
  • control matrix

Why You Should Attend

You should attend because the IIA has issued advisories stating that all internal auditors must have sufficient knowledge of key information technology risks and controls.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: