Global Practice Guide: Auditing Business Applications, 2nd Edition
Given the critical role of applications as enablers of business processes, a risk-based internal audit plan should include engagements that evaluate standardized and system-specific controls to determine whether significant risks are adequately managed.
Common examples of business applications include systems such as enterprise resource planning, point-of-sale, industrial control, customer relationship management, and billing.
This guide draws from three widely used frameworks to help auditors work with IT-IS to develop an assessment plan and tests to evaluate the design and implementation of relevant controls.
The guidance replaces the previous edition published in 2021.