This two-day class will focus on the presentation and discussion of general guidelines in performing an Information System Application Controls Review (ACR). The overall goal of this course will be to provide financial, operational, and entry-level IS/IT auditors with the key concepts and basic knowledge necessary to identify, test, and assess the reliability of application controls in mainframe, client/server, and/or multi-platform environments. The course will also provide the participants with a comprehensive methodology for examining application controls when reviewing business applications processed on mainframe, client/server, and/or multi-platform environments. The various control components of an automated business application will be presented and discussed, including: authorization, i nput, processing, output, security, and documentation. Application controls will be compared and contrasted with general controls in an automated environment. Participants will also learn how to identify and define a specific automated business application in highly integrated environments. At the conclusion of the second day of the course, participants will work through a generic application control review audit.

Course Objectives

  • Types and Definitions of IT Controls
  • Audit Standards
  •  Performing an Application Controls Review
  • Components and Controls in an Automated Business Application

Duration & Learning Level

Learning Level: Intermediate

Duration: 3 day(s)-

  • doodles

    Sample Exams


    Course Completion Certificate


    2 Days Classroom Training


    Worldclass Trainer


    Sample Exams

  • Introduction to Course
  • Purpose and Objectives of Course
  • Types of Business Application Audits

  • Application Controls
  • General Controls
  • Relationship of Application Controls to General Controls
  • Types / Sub Categories of Controls COSO

  • Institute of Internal Auditors
  • General Accounting Office
  • Texas Internal Auditing Act
  • Department of Information Resources
  • Statements on Auditing
  • Standards (SAS), including SAS

  • Planning / Resource Requirements
  • Scoping / Application Identification
  • Application Risk Assessment
  • Audit Program Development
  • Identifying, Testing, and Assessing Control Reliability
  • Data Integrity Testing
  • Certifying Computer Security
  • Issue, Finding and Report Development and Presentation
  • Follow-up considerations

  • Transaction Authorization and Origination
  • Input
  • Processing
  • Output
  • Security
  • Maintenance

  • Beginning the Audit
  • Identifying and
  • Documenting Controls,
  • Testing Controls and
  • Using Automated Audit Resources.

Upon completion of the training, participants will be provided a Certificate of Completion / Attendance.

  • doodlrafees

    Finance and Accounting


    Information Technology


    Internal / External Audit


    Professionals interested in the IT Audit field

Back to Top