IT Application Controls: An Important Area of IT (Technology) Controls in Business and IT Landscape and Governance


Are you wondering what IT Application Controls are, or are you looking for an IT Application Controls checklist? Let's start.

Introduction to IT Application Controls:

  • Wikipedia - IT application or program controls are fully automated (i.e., performed automatically by the systems) and designed to ensure the complete and accurate processing of data, from input through output. These controls vary based on the business purpose of the specific application.
  • IIA – IT Application Controls are those controls that are embedded in business process application(s).
  • IT Application Controls work efficiently and effectively only when strong IT General Controls exist across the organization and are themselves working efficiently and effectively.
  • IT Application Controls are built into the application code by programmers during the system development process. Such controls can be part of a standard application available in the market, or more controls can be built into the application by the organization through customization.

Purpose of Application Controls:

  • Input Data is Accurate, Complete, Authorised, and Correct.
  • Data is processed as Intended in an Acceptable Time Period and processed only Once.

a) In Acceptable Time Period:

i) SLA (Service Level Agreement) - Customer Service Perspective

ii) TPT (Throughput Time) - Team Efficiency Perspective

b) Processed only Once:

i) No Duplication

ii) Created Once, Used Everywhere (System Integration)

  • Data Stored is Accurate and Complete
  • Outputs are Accurate and Complete
  • A record is maintained to track the process of data from Inputs to Storage and to eventual Output.
  • Processing results are received by the intended users.

Areas of IT Application Controls:

  • Authorization
  • Validation
  • Error Notification

Types of IT Application Controls:

  • Application Input Controls - The most economical point for correcting input errors in an application is the time at which the data is entered into the system. This makes IT application input controls an area of focus for both the internal controls team and the internal audit / IT audit team.

Batch Input Controls:

a) Financial Totals ($ Amt / $ Value)

b) Records Counts (Row Counts)

c) Hash Totals (Total / Sum of Non-addable Fields)

d) Management Release (Park-Post)

On-line (OLTP) Input Controls:

a) Preformatting

b) The Dialogue Approach

c) Field (Edit) / Format Check

d) Limit (Reasonableness) and Range Check

e) Validity Check

f) Check Digits

g) Sequence Check

h) Zero Balance Check

i) Completeness Check

j) Closed-loop Verification (Screen Simulation)

k) An Edit Routine

  • Application Processing Controls - Processing controls provide reasonable assurance that (1) all data submitted for processing are processed and (2) only approved data are processed.

a) Limit Check

b) Batch Control Check

c) Concurrency Control

d) Validation

e) Completion (Completeness)

f) Arithmetic Control

g) Sequence Check

h) Run-to-Run Control Totals

i) Key Integrity

  • Application Output Controls - Output controls provide assurance that the processing result (such as account listings or displays, reports, files, invoices, disbursement checks or payment runs) is accurate and that only authorized personnel receive the output.

a) Transaction logs

b) Error Listing

c) Records Counts

d) Run-to-Run Controls Totals

e) Periodically reconciling the output reports

f) Formal procedures and documentation that specify the authorized recipients of output (data or reports)

g) Credentialing

h) Secure File Transmission

i) File Encryption
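
The batch input controls listed above under Application Input Controls (financial totals, record counts, hash totals) can be checked mechanically before a batch is released, together with the "processed only once" purpose. The following is an added example, not part of the original article; the record layout, the field names `doc_no`, `vendor_no` and `amount`, and the sample batch are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class BatchHeader:
    """Control totals the submitter computes before entry (assumed layout)."""
    record_count: int
    financial_total: Decimal
    hash_total: int  # sum of a non-addable field: here the vendor number

def verify_batch(header, records):
    """Return the list of failed controls; empty means the batch can be released."""
    failures = []
    if len(records) != header.record_count:
        failures.append(f"record count: expected {header.record_count}, got {len(records)}")
    amount = sum((Decimal(r["amount"]) for r in records), Decimal("0"))
    if amount != header.financial_total:
        failures.append(f"financial total: expected {header.financial_total}, got {amount}")
    vendor_sum = sum(int(r["vendor_no"]) for r in records)
    if vendor_sum != header.hash_total:
        failures.append(f"hash total: expected {header.hash_total}, got {vendor_sum}")
    # "Processed only once": the same document number must not appear twice.
    seen, dups = set(), set()
    for r in records:
        (dups if r["doc_no"] in seen else seen).add(r["doc_no"])
    if dups:
        failures.append(f"duplicate documents: {sorted(dups)}")
    return failures

# Constructed sample batch (not real data).
HEADER = BatchHeader(3, Decimal("1650.65"), 120267)
RECORDS = [
    {"doc_no": "INV-1001", "vendor_no": "40017", "amount": "1250.00"},
    {"doc_no": "INV-1002", "vendor_no": "40233", "amount": "310.75"},
    {"doc_no": "INV-1003", "vendor_no": "40017", "amount": "89.90"},
]

def keyed_wrong_vendor():
    """Same amounts, but INV-1002 keyed to vendor 40323: only the hash total catches it."""
    bad = [dict(r) for r in RECORDS]
    bad[1]["vendor_no"] = "40323"
    return verify_batch(HEADER, bad)

if __name__ == "__main__":
    print(verify_batch(HEADER, RECORDS))   # clean batch
    print(keyed_wrong_vendor())            # hash total mismatch
```

The mis-keyed vendor case passes both the record count and the financial total, which is why a hash total over a non-addable field is kept as a separate control.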

Segregation of Duties (SOD) Controls

The basic concept for segregating duties is that no single individual should have control over all phases of a transaction.

Every application needs to be checked for SOD conflicts, and each conflict needs to be mitigated either by removing the incompatible authorization or by obtaining business approval for the conflict.

Integrity Controls

Integrity controls monitor data being processed and in storage to ensure it remains consistent and correct.

Management Trails (Audit Trail)

Management trails or audit trails are the processing history that enables management to track transactions from their source to their output.


Emma K.

Defining the future of governance with ACTIVE GOVERNANCE for identities, processes, and technology. Helping organizations solve complex control challenges with advanced automated control solutions.

1 yr

This article is also a good resource if you're looking to learn more about ITACs: https://www.safepaas.com/articles/it-application-controls-and-the-benefits-of-automation/

CA Vijaya Lakshmi Peddapalli

Chartered Accountant, CIA - Experienced professional in Accounting | Controllership| Finance | Internal Controls| Audit with 20+ years of experience in F&A (Global & Indian)

1 yr

Good information!


More articles by AMIT KUMAR, CMA, CIA, MBA (Finance)
