Auditing Information Systems Applications

Course Description: 

One of the most important activities an IS Auditor can provide for their clients is the review of information systems applications.  Traditional financial systems – General Ledger, Sales and Receivables, Purchases and Payables, Payroll – must each be evaluated to ensure information completeness, accuracy, and validity, otherwise management may base its decisions on unreliable information.  Other types of systems can also benefit from an application control review, whether they track manufacturing data, patient care details, or Internet-based sales and account information accessed directly by customers.

This seminar is designed to give you the skills you need to understand and evaluate controls within information systems applications.  We begin with a method for analyzing an application to identify its important information stores and data movements.  The course includes discussion of techniques to document your understanding as a vehicle for further control analysis.  We’ll then use a systematic technique to identify controls within the system, and more importantly, control gaps that threaten data completeness, accuracy or authorization.  You’ll also see examples of advanced computer-based control techniques that reduce the need for tedious and potentially unreliable manual controls.

Our emphasis will be on honing your skills to review controls in any type of information application, rather than having to rely on pre-existing checklists.  The techniques covered are also applicable at any stage of system development, ranging from initial design, through to pre-conversion, and on to post implementation.  As with all our sessions, the seminar will include live demonstrations of software and techniques, as well as a hands-on case study, to help you better understand the key concepts.

Key topics: 
  • Understanding and analyzing information system applications
  • Documenting your understanding
  • Identifying application controls and control gaps
  • Manual and automated control techniques to help ensure data correctness
Course Objectives: 

After completing this course, you understand how common applications track and provide information, how to document these systems, and how to identify and address their control deficiencies.

Course Length: 
1.0 Day
Intended Audience: 

This course is intended for those IS auditors that must evaluate information systems applications, identify their control deficiencies, and provide constructive and practical recommendations for their resolution.

Learning Level: 
Suitable for those new to the topic
Instructional Method: 
  • In-class lecture with experienced instructor


CPE Credits: 
7 Hours