Conclusion


                   Business application controls cover the full life cycle of the application, from planning and
                   development to support and management reporting. When considering the risks and scope of an
                   engagement to audit a business application, it is important to understand how the application
                   supports business needs and the role of external parties in every control category. This
                   understanding helps internal auditors provide value-added insight by focusing on the most
                   significant risks. Given the critical role of applications as enablers of business processes, a risk-
                   based audit plan should include engagements that evaluate standardized and system-specific
                   controls to determine whether significant risks are adequately managed.
































































                   23 — theiia.org