Application audit

Before auditing any application, the IT auditor needs to understand and determine:-

• the purpose of the application,
• who is the users of the system,
• risk i.e. impact and likelihood of the systems failure on the business proceses.

In general, during the the application audit, the following aspects should be reviewed:-

• Management / Planning - segregation of duties, policies and procedures, determine whether the systems effectively suports the business process and whether the system is able to cope with any future business expansion exercise. If not, determine whether there is any plan to improve the system
• Operations - backup and recovery, problems encountered by users, storage utilisation
• Security - Physical and logical security. Application security, operating system security and database security
• Support - internal (IT personnel) and external (vendor) support
• Data / Application control - review of input, processing and output control

An overall conclusion should be made as to whether the controls in place is sufficient to address the risks identified.