Auditing Business Application Systems

MIS Training Institute (MISTI)
Training overview
2 days

Course description

Auditing Business Application Systems

The 2-day Auditing Business Application Systems seminar is designed for operational, financial and information technology auditors who need to perform business application audits. This seminar places focus on a risk-based, top-down approach that teaches how to assess key risks and controls in each stage of the application processing cycle. Participants will learn how to prioritize their audit approach to achieve the best results and will have the chance to discuss aspects of a business application, including accuracy of input and completeness, and output and processing. 

During this seminar, participants will techniques for identifying, prioritizing, assessing and evaluating application controls and procedures, and will leave with real examples of:

  • Application control risks
  • Control objectives
  • Key application control assessments 
  • Testing techniques

Who should attend?

This course is suitable for IT, Financial, Operations and Business Applications Auditors, as well as Audit Managers who require an understanding of application controls and audit approaches for business application systems. 

Training Content

This course will cover the following topics: 

1. Introduction to Business Application Systems

  • IT Risk Assessment
  • Relationship Between IT general & application controls
  • IT control categories
  • Objectives of business application audits
  • Types of business application audits
    - existing application reviews
    - end user computing
    - systems development audits
  • Integrated auditing
  • Data vs. information

2. Business Application Transactions

  • What is a transaction?
  • Transaction-based application auditing
  • Transaction life cycle
  • Batch and online models
  • Application risk assessment factors
  • Establishing audit priorities

3. Top-Down Risk-Based Planning 

  • Planning the application audit
  • Top-down risk based planning
  • Defining the business environment
  • Determining the application’s technical environment
  • Performing a business information risk assessment
  • Identifying key transactions
  • Developing a key transaction process flow
  • Evaluating and testing application controls

4. Executing Integrated Audits

  • Control ownership
  • What is integrated auditing?
  • Integrated it / business controls
  • Enterprise risk coverage
  • Integrated audit scoping
  • Integrated audit staffing
  • COSO principle 11 –IT control activities 

5. Business Application Controls

  • Business applications - information objectives
  • Business application auditing
  • Business application transaction life cycle
  • Transaction origination
  • Completeness and accuracy of input
  • Completeness and accuracy of processing
  • Completeness and accuracy of output
  • Completeness and accuracy of master files
  • Completeness and accuracy of interfaces
  • Output retention and disposal
  • Data file controls
  • User review, balancing, reconciliation
  • End-user documentation

6. Testing Business Application Controls

  • Testing business application controls
  • Testing automated and manual controls
  • Testing alternatives 
  • Testing sample size
  • Sampling terminology
  • Negative assurance testing
  • Types of audit evidence
  • Functional/substantive testing
  • Computer Assisted Audit Techniques (CAATS)
  • Data analysis - planning and data verification

7. Documenting Business Application Controls

  • Evaluating and documenting internal controls
  • Internal control questionnaires (ICQ)
  • Narratives
  • Flowcharts / process flows
  • Control matrix

8. End User Computing

  • Growth of end user computing
  • End user computing risks
  • General IT control risks
  • Change control risks
  • Purchased application risks
  • Spreadsheets - typical errors
  • Spreadsheet risk factors
  • Practical steps for evaluating spreadsheet controls

9. Auditing Systems Development Projects

  • Audit objectives
  • SDLC risks
  • Primary reasons for problems
  • Traditional system development life cycle
  • Rapid application development
  • Internal audit involvement


The cost of this course is $1795 per participant. Request information to learn more!

Certification / Credits

Completion of this course is worth 16 CPE Credits



MIS Training Institute (MISTI)

With offices in London and Boston, MISTI is the global leader in IT audit, audit and information security training. Founded in 1978, MISTI has gained experience through training more than 200,000 delegates across five continents.  MISTI has made it their...

Read more and show all training delivered by this supplier

Request info

Fill out your details to find out more about Auditing Business Application Systems.

  Contact the provider

  Get more information

  Register your interest

Contact info

MIS Training Institute (MISTI)

 Show phone number


Average rating 5

Based on 3 reviews

Jake V.
I came back to work with a lot of suggestions and knowledge that applies to so many of our audits. I enjoyed the class and instructor so much and will certainly look for more MISTI trainings.
The instructor was very knowledgeable and provided useful information. His teaching style kept the attendees involved and made the course more enjoyable.
David, M, Accudyne Industries
Request Information

Have a question about this course? Fill out this form and the provider will get in touch with you shortly

View again
Supplier Directory
Join our Supplier Directory to:
- Gain Traffic
- Get Noticed
- Showcase Your Services
- Free Listing Available