New! GTAG: Auditing Business Applications
Guidance is restricted to IIA members only.
(Supersedes GTAGs 8 and 14)
Business applications are crucial enablers of business processes and may comprise single software programs or a collection of hardware, firmware, and software applications operating as an integrated system. This GTAG helps auditors understand why it is important to provide assurance over business applications and how to identify and assess the relevant risks and standardized and system-specific controls when performing audit engagements.
This guidance will enable internal auditors to:
- Understand relevant risks and opportunities related to business applications.
- Gain a working knowledge of the full life cycle of a business application, from planning and development to support and management reporting, along with the relevant risks and controls.
- Become familiar with relevant guidance from three widely used control frameworks.
- Plan and perform engagements to provide assurance over business applications.