Tommie W. Singleton, Ph.D.,
CISA, CGEIT, CITP, CPA, is
Auditing Applications, Part 1
an associate professor of
information systems (IS) at
Columbus State University
(Columbus, Georgia, USA).
Prior to obtaining his
doctorate in accountancy from
the University of Mississippi
(USA) in 1995, Singleton was
president of a small, valueadded dealer of accounting
Auditing applications is a common type of audit
for medium and large companies, especially when
some of the applications are developed in-house.
There are some basic principles of auditing
applications that IT auditors need to know and
understand. This two-part article describes one
framework for performing effective audits of
applications.
using microcomputers.
Singleton is also a scholarin-residence for IT audit
and forensic accounting at
Carr Riggs & Ingram, a large
regional public accounting
firm in the southeastern US. In
1999, the Alabama Society of
CPAs awarded Singleton the
1998–1999 Innovative User of
Technology Award. His articles
on fraud, IT/IS, IT auditing and
IT governance have appeared
in numerous publications.
Do you have
something
to say about
this article?
Visit the Journal
pages of the ISACA
web site (www.isaca.
org/journal), find the
article, and choose
the Comments tab to
share your thoughts.
Go directly to the article:
1
ISACA JOURNAL V OLUME 3, 2012
Consideration of Purpose
One of the key drivers of an application audit
throughout the process is the conditions or
circumstances by which the audit arose. That
is, what is driving the need for the audit? Is
it a regular audit plan? Is it an ad hoc audit?
The need is usually directly associated with the
primary objective of the audit. For example, if
management wants to gain assurance that a new
application is performing as designed, that fact
will drive the audit objectives and plan.
A FRAMEWORK
A process-oriented framework includes steps
similar to the following:...