Please enable JavaScript.

Coggle requires JavaScript to display documents.

4.4.3 (IS Auditor’s Role in Reviewing Application Controls (• Consider the…

- - - - efficient SYSTEM DESIGN STANDARDS
      - analyzing PROCEDURES USED and
      - comparing them to MANAGEMENT'S OBJECTIVE TO THE SYSTEM
- - - - TO DEVELOP TESTING STRATEGY by analyzing the accumulated information
    - - a selective review should be performed.
      - Any CHANGES TO APPLICATIONS should be documented properly.
      - To gain an understanding of an application’s development, an IS auditor should review the following documentation:
        
        SYSTEM DEVELOPMENT METHODOLOGY documents—
        
        Documents that describe the systems development approach used and include costbenefit analysis and user requirements
        
        Functional DESIGN specifications—
        
        Documents that provide aDETAILED EXPLANATION of the application.
        
        An understanding of KEY CONTROL POINTS should be noted during review of the design specifications.
        
        Program changes—
        
        Documents that detail any program change and provide evidence of AUTHORIZATION and a cross-reference to source code
        
        User manuals—
        
        Documents that provide the foundation for understanding how the user is using the application.
        
        Often CONTROL WEAKNESS can be noted from the review of this document.
        
        Technical reference documentation—
        
        Documents that include vendor supplied technical manuals for purchased applications in addition to any in-house documentation.
        
        ACCESS RULES AND LOGIC usually are included in these documents.
    - - The report should include the audit objectives, tests conducted, test results, and findings and recommendations.