top of page
Auditing Business Applications

Auditing Business Applications

"Auditing Business Applications" is a comprehensive, detailed, three-day, 18 CPE-credit seminar of internal control, auditing techniques, and best practices specifically tailored for business application systems.


Participants will gain insights into application auditing methodologies, assessing the risk of application software, and IT application control (ITAC) design, evaluation, and improvement. We will discuss the operational processes and internal controls for the following systems: Revenue, Disbursements, Inventory, HR/ Payroll, Cash Management/ Treasury, and CRM systems.


This seminar is not just for IT Auditors; it equips Audit, System Development, Compliance, Finance, Accounting, and IT Security professionals with the knowledge and skills necessary to ensure the integrity, security, control, and compliance of your critical business systems.The Auditing Business Applications CPE event is designed to provide participants with a comprehensive understanding of auditing techniques and best practices for business applications.


This internal control training course will provide each attendee with 18 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.


  • Details on Event Presentation

    Offered on Tuesday-Thursday once every six weeks in three six hour sessions for 18 CPE credits.

    The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time Zone. There will be a lunch break from 12:00 noon to 12:30 p.m. each day.

    We can schedule private events on your timetable for two or more attendees.

  • CPE Event Highlights

    Information Technology controls are categorized as General Controls and Application Controls. This “Auditing Business Applications” seminar can be paired with our one-day, 8 CPE-credit, “IT General Controls” seminar, or taken as a stand-alone class. 

    As a stand-alone class, we will briefly cover ITGCs but focus on ITACs…how the business applications are identified and risk-ranked, and how their controls are documented, assessed, and improved. 

    We will cover various methodologies from COBIT, NIST, ISO, PMI, etc. and terminologies such as SDLC, DevSecOps, Agile Development and Testing, Identity Access and Management (IAM), Application Programming Interfaces (APIs), Immutable Backups, Recovery Point Objectives (RPOs), Recovery Time Objectives (RTOs), Moves-to-Production (MTPs), and others.

  • Learning Objectives

    Attendees will:

    • Understand the fundamentals of IT auditing and auditing business applications, including the role and importance of auditing in ensuring application system integrity, security, and control.
    • Gain knowledge of auditing methodologies and techniques specifically applicable to business applications.
    • Learn how to assess and manage risks associated with business applications, including identifying potential application vulnerabilities and implementing appropriate controls.
    • Acquire skills to test and evaluate the effectiveness of internal controls within business applications.
    • Develop an understanding of the criteria for inventorying and risk-ranking business applications.
    • Enhancing critical thinking and problem-solving abilities through case studies and discussion of instructors’ ITAC audits.
    • Build communication and reporting skills to effectively communicate audit findings and recommendations to stakeholders.
    • Obtain a comprehensive framework for conducting successful audits of business applications and ensuring compliance with organization and industry best practices.
  • Key Issues on the Agenda

    • Introduction and Concepts:  COSO Frameworks, Internal Control, Internal Auditing, IT Auditing
    • Overview of ITGCs, ITACs, and the Sarbanes-Oxley Act
    • How Business Applications Work
    • The Buy vs. Build Decision of Application Software
    • On-Premise vs. Hosted Applications
    • The Systems Development Lifecyle and DevSecOps
    • Personnel Responsibilities for Applications:  IT Management, Users, Business System Analysts, Application Developers and Software Engineers, IT Security, Computer Operations, Software QA, Testers, Consultants, Auditors   
    • Control Objectives of Business Application System Audits
    • Planning Application Audits, Assessing Application Risk, and Determining the Scope
    • Performing Application Audits:  Control Identification, Sampling and Testing Methods, Assessment, Workpaper Documentation
    • Application Security Provisioning and De-Provisioning, User Profiles/ Roles, Change Control, and Implementation Control
    • Controls over Application Input, Processing, and Output
    • Application System Backup and Recovery, RTO and RPO
    • Accounting for Software Costs
    • Reporting the Results of the Business Application Audit
    • Recommendations for ITAC Improvements


  • NASBA Program Disclosure

    Program Level of Understanding: Basic

    Prerequisites: None

    Advance Preparation: None

    Delivery Format: Group Internet Based

    NASBA Field(s) of Study: Auditing, Information Technology

    CPE Credits: 18, based on 50 minutes of instruction per hour

  • Summary of the Subject Matter

    The Auditing Business Applications CPE event is a comprehensive training program designed to equip participants with the necessary skills and knowledge to effectively audit business applications. This webinar event covers a wide range of topics related to auditing various types of business applications, including enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other critical applications used in organizations.

    During the interactive event, participants will delve into the importance of auditing business applications in today's digital landscape and understand the risks associated with these applications. The program focuses on providing practical guidance and best practices for evaluating controls within business applications, conducting risk assessments, performing data analysis, and ensuring compliance with relevant regulations.

    Led by an industry expert, the event offers interactive sessions, real-world case studies, and discussions that encourage active participation and knowledge sharing among attendees. The goal is to enhance participants' auditing capabilities, enabling them to assess the effectiveness of controls, identify potential vulnerabilities, and contribute to the overall governance and risk management processes within their organizations.

    Whether you are an internal auditor, IT professional, or compliance officer, this CPE event provides valuable insights and tools to enhance your ability to audit and assess business applications. Register now at to secure your spot in this engaging and informative training opportunity.

bottom of page