Auditing Business Applications

Information Technology controls are categorized as General Controls and Application Controls. This “Auditing Business Applications” seminar can be paired with our one-day, 8 CPE-credit, “IT General Controls” seminar, or taken as a stand-alone class.  As a stand-alone class, we will briefly cover ITGCs but focus on ITACs…how the business applications are identified and risk-ranked, and how their controls are documented, assessed, and improved.  We will cover various methodologies from COBIT, NIST, ISO, PMI, etc. and terminologies such as SDLC, DevSecOps, Agile Development and Testing, Identity Access and Management (IAM), Application Programming Interfaces (APIs), Immutable Backups, Recovery Point Objectives (RPOs), Recovery Time Objectives (RTOs), Moves-to-Production (MTPs), and others.

Attendees will:

• Understand the fundamentals of IT auditing and auditing business applications, including the role and importance of auditing in ensuring application system integrity, security, and control.
• Gain knowledge of auditing methodologies and techniques specifically applicable to business applications.
• Learn how to assess and manage risks associated with business applications, including identifying potential application vulnerabilities and implementing appropriate controls.
• Acquire skills to test and evaluate the effectiveness of internal controls within business applications.
• Develop an understanding of the criteria for inventorying and risk-ranking business applications.
• Enhancing critical thinking and problem-solving abilities through case studies and discussion of instructors’ ITAC audits.
• Build communication and reporting skills to effectively communicate audit findings and recommendations to stakeholders.
• Obtain a comprehensive framework for conducting successful audits of business applications and ensuring compliance with organization and industry best practices.

• Introduction and Concepts:  COSO Frameworks, Internal Control, Internal Auditing, IT Auditing
• Overview of ITGCs, ITACs, and the Sarbanes-Oxley Act
• How Business Applications Work
• The Buy vs. Build Decision of Application Software
• On-Premise vs. Hosted Applications
• The Systems Development Lifecyle and DevSecOps
• Personnel Responsibilities for Applications:  IT Management, Users, Business System Analysts, Application Developers and Software Engineers, IT Security, Computer Operations, Software QA, Testers, Consultants, Auditors   
• Control Objectives of Business Application System Audits
• Planning Application Audits, Assessing Application Risk, and Determining the Scope
• Performing Application Audits:  Control Identification, Sampling and Testing Methods, Assessment, Workpaper Documentation
• Application Security Provisioning and De-Provisioning, User Profiles/ Roles, Change Control, and Implementation Control
• Controls over Application Input, Processing, and Output
• Application System Backup and Recovery, RTO and RPO
• Accounting for Software Costs
• Reporting the Results of the Business Application Audit
• Recommendations for ITAC Improvements

Program Level of Understanding: Basic

Prerequisites: None

Advance Preparation: None

Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)

NASBA Field(s) of Study: "Auditing" and "Information Technology"

CPE Credits: 18, based on 50 minutes of instruction per hour

The Auditing Business Applications CPE event is a comprehensive training program designed to equip participants with the necessary skills and knowledge to effectively audit business applications. This in-person event covers a wide range of topics related to auditing various types of business applications, including enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other critical applications used in organizations.

During the event, participants will delve into the importance of auditing business applications in today's digital landscape and understand the risks associated with these applications. The program focuses on providing practical guidance and best practices for evaluating controls within business applications, conducting risk assessments, performing data analysis, and ensuring compliance with relevant regulations.

Led by an industry expert, the event offers interactive sessions, real-world case studies, and discussions that encourage active participation and knowledge sharing among attendees. The goal is to enhance participants' auditing capabilities, enabling them to assess the effectiveness of controls, identify potential vulnerabilities, and contribute to the overall governance and risk management processes within their organizations.

Whether you are an internal auditor, IT professional, or compliance officer, this CPE event provides valuable insights and tools to enhance your ability to audit and assess business applications. Register now at Compliance-Seminars.com to secure your spot in this engaging and informative in-person training opportunity.