This five-day collaborative course outlines and focuses on the concepts of information technology specifically on presentation and discussion of general guidelines in performing an Information System Applications Control Review (ACR). This course would be essential in order to understand the audit concerns in the IT environment of businesses nowadays.

Course Objectives

You will learn the necessary controls for application systems and will provide the participants with a comprehensive methodology for examining application controls when reviewing business applications processed on mainframe, client/server, and/or multi-platform environments. The various control components of an automated business application will be presented and discussed, including: authorization, input, processing, output, security, and documentation. Application controls will be compared and contrasted with general controls in an automated environment. Participants will also learn how to identify and define a specific automated business application in highly integrated environments.Executives and other professionals in:

Duration & Learning Level

Learning Level: Intermediate

Duration: 3 day(s)-

  • doodles

    PDUs offered


    Course Completion Certificate


    5 Days Classroom Training


    Scenario based examples


    Sample Exams

  • Introduction to Course
  • Purpose and Objectives of Course
  • Types of Business Application Audits
  • Internal control defined
  • Processes and control points
  • Identifying control points

  • Application Controls
  • General Controls
  • Relationship of Application Controls to General Controls
  • Types / Sub Categories of Controls COSO

  • Objectives of an IT audit
  • IT audit strategies
  • What is an application
  • Application vs. general controls

  • Institute of Internal Auditors
  • General Accounting Office
  • Texas Internal Auditing Act Page 3 of 4
  • Department of Information Resources
  • Statements on Auditing
  • Standards (SAS), including SAS 94.

  • What is IT governance?
  • Information security governance
  • IT policies and procedures
  • Separation of duties and outsourcing
  • Governance and control

  • Review
  • Planning / Resource Requirements
  • Scoping / Application Identification
  • Application Risk Assessment
  • Audit Program Development
  • IT audit control reviews
  • IT control categories
  • The audit deliverable
  • Building the audit team
  • Identifying, Testing, and Assessing Control
  • Reliability
  • Data Integrity Testing
  • Certifying Computer Security
  • Issue, Finding and Report Development and
  • Presentation
  • Follow-up considerations

  • doodlrafees

    Financial auditors


    Operational auditors


    Entry-level IS/IT auditors


    Personnel with an interest in understanding application controls and related audit strategies

Back to Top