Audit and Development of Application Controls

THIS CHAPTER LOOKS at the audit and development of application-level controls including input/origination controls, processing control procedures, output controls, application system documentation, and the appropriate use of audit trails.


Systems may be defined as a set of elements or components that interact to accomplish goals and objectives. These systems may take the form of systems that perform business-related activities (application systems) or systems that help the computer itself function (operating systems). In this chapter, we will concentrate on the auditing of application systems.

Characteristics of good systems include all of the following attributes:

  • Accuracy
  • Completeness
  • Economy
  • Reliability
  • Relevance
  • Simplicity
  • Timeliness
  • Verifiability


Systems themselves come in all shapes and sizes and may be categorized into:

  • Simple versus complex. Simple and complex systems face the normal risks of inaccuracies, incompleteness, and so forth, but complex systems, by their very nature, are more likely to experience these problems because the more complex a system becomes, the harder it is to adequately test and the easier it is for a systematic error to go undetected.
  • Open versus closed. Open systems are more vulnerable to both errors and attempted penetration. This is a factor of the number of sources of input and output as well as the degree of systems interactivity.

Get Auditor's Guide to IT Auditing, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.