Module 6: Business Application Software Audit Chapter 1: Business Application Software Audit 1
Basic 2
Learning Objectives 3
4
5
6
Part 1: Enterprise Business Models 7
Introduction 8
Business Models and Controls 9
10
Business Model, Business Process and Business Applications 11
Business Process 12
Business Processes and Control Structure 13
Business Applications “Business Application”, may be defined as applications used by entity to run its business. The consideration is whether the said application covers / incorporates the key business processes of the entity. Another important consideration is whether the control structure as available in the Business Application is appropriate to help entity achieve its goals. 14
Business Applications 15
Business Model and Risk Assessment 16
Auditing Standards 17
Auditing Standards 18
Auditing Standards 19
Auditing Standards 20
Steps To Audit 21
Internal Audit Standards 22
Risk Assessment for a Business Application used by entity 23
Risk Assessment for a Business Application used by entity 24
Risk Assessment for a Business Application used by entity 25
Case Study 26
Case Study 27
Case Study 28
Conclusion: The part addressed the following. 29
Case for participants 30
Part 2: Business Application Software as per Enterprises Business Model 31
Introduction 32
Business Application Software: Parameters of selection 33
Business Application Software: Parameters of selection 34
Business Application Software: Parameters of selection 35
Types Business applications can be classified based on processing type or source or based on function covered. The most critical way for management is based in function it performs. 36
Types 37
Types Other Business Applications: 38
Types Other Business Applications: 39
Key Features and Controls for Business Applications 40
Conclusion: This part dealt with 41
Questions 42
1. Initial adoption of Business Model adopted by an organisation is dependent upon: 43 A. Business Applications B. Business Objective C. Controls in business applications D. Business Laws Answer: B Business Objectives shall be the prime reason for adoption of business models. Other answers may be valid reasons but are never the first reason for adoption of a specific business model. “A business model describes the rationale of how an organization creates, delivers, and captures value (economic, social, cultural, or other forms of value). The process of business model construction is part of business strategy.”rationaleorganizationbusiness strategy
2. The first activity to be assessed by IS Auditor is: _____________. 44 A. Business Application B. Business Controls C. Business Model D. Business Laws Answer: C Business Model, needs to be assessed first by IS Auditor. The, b and d, are assessment to be made later on. As an IS Auditor it becomes important to understand the business model adopted by an organisation for a better understanding of risk associated with business model adopted by an organisation.
3. Arrange the following in chronological order 45 A. Establishing the expected degree of reliance to be placed on internal control B. Determining and programming the nature, timing, and extent of the audit procedures to be performed C. Coordinating the work to be performed D. Acquiring knowledge of the client’s accounting system, policies and internal control procedures The correct serial order: A, B, C, D D, A, B, C D, C, B, A B, C, D, A Answer: B As per SA 00 SA 00 on “OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH STANDARDS ON AUDITING, the steps to audit as mentioned at point b.
4. ISACA ITAF 1202, states IS auditor needs the following for an enterprise: 46 A. Inherent Risk and Audit Risk. B. Detection Risk and Control Risk. C. Subject matter risk and Audit risk. D. None of above Answer: B ISACA ITAF 1202, states IS auditor needs to consider subject matter risk and audit risk. Subject matter risk, relates to business risk, country risk, contract risks. Audit risk, is define as auditor reaching incorrect conclusion after an audit. The components of audit risk being control risk, inherent risk and detection risk.
5. The best definition which fits ‘COBIT 5’ is that it is a: 47 A. Business framework for the governance and management of enterprise IT. B. System Audit Tool C. Management tool for corporate governance D. IT management tool Answer: A COBIT 5 can be best described as “Business framework for the governance and management of enterprise IT by ‘a’. Other answers are part of COBIT framework but not full Framework.
Thank you! Questions? 48