| A95. | The use of IT affects the way that control activities are implemented. From the auditor's perspective, controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process, and include effective general IT-controls and application controls. |
| A96. | General IT-controls are policies and procedures that relate to many applications and support the effective functioning of application controls. They apply to mainframe, miniframe, and end-user environments. General IT-controls that maintain the integrity of information and security of data commonly include controls over the following: |
| Data center and network operations. |
| System software acquisition, change and maintenance. |
| Program change. |
| Access security. |
| Application system acquisition, development, and maintenance. |
| They are generally implemented to deal with the risks referred to in paragraph A56 above. |
| A97. | Application controls are manual or automated procedures that typically operate at a business process level and apply to the processing of transactions by individual applications. Application controls can be preventive or detective in nature and are designed to ensure the integrity of the accounting records. Accordingly, application controls relate to procedures used to initiate, record, process and report transactions or other financial data. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. Examples include edit checks of input data, and numerical sequence checks with manual follow-up of exception reports or correction at the point of data entry. |
 |
Licence and copyright | © 2018, LexisNexis Group a division of Reed Elsevier (UK) Ltd. All rights reserved. |