Page 43 - ITGC_Audit Guides

Applications









                   Application Architecture


                   Application architecture involves the design and behavior of an organization’s applications and
                   focuses on their interaction with other applications and with data and users in support of
                   business cycles and functions. An organization’s architecture should be designed in alignment
                   with its requirements and business strategy, and have proper controls to ensure completeness,
                   accuracy, and authorization.

                   Considerations should include interaction among application packages and users, data
                   integration, and how systems are designed to work together with the network and infrastructure.
                   Within architecture, the scalability and capacity of applications should be a consideration
                   because of potential business growth, change in organizational priorities, and other factors.
                   Consideration for the extent of business fluctuation raises potential integration problems or
                   gaps in functional coverage. For planning purposes, strategies can be developed to identify
                   systems that may be functional now but are at risk of being unable to sustain the pace of change
                   and the need for data integrity, reliability, or availability.

                   Resources
                   For more information on IT general controls, see IIA GTAG “Information Technology Risk and
                   Controls, 2nd Edition.”
                   For more information on application controls, see IIA GTAG “Auditing Application Controls.”

                   The cover, logo, and references in this guide have been updated. The content has not changed.

                   Understanding an organization’s application architecture allows internal auditors to appreciate how
                   multiple applications are strategically aligned to accomplish a business operation. For example, a
                   cloud-based platform may combine multiple technologies and SaaS-provided applications to
                   deliver a specific business process. Management would then design a combination of application
                   controls, IT general controls, and ongoing monitoring sufficient to address applications managed
                   both on premise and off premise (potentially by third-party service providers).

                   Web or Internet Applications
                   Application architecture for web applications usually requires a web server that is accessible from
                   the internet, and which usually resides in the DMZ. Programming and scripting languages used to
                   write application source code include Java, C, Python, Ruby, PHP, and others. Examples of web
                   applications include sites such as www.amazon.com or www.rakuten.co.jp. Any user with internet
                   access can reach these applications. The web server usually only handles the interface with the
                   user over the internet.








                   35 — theiia.org