Dr. Dan Kneer Advisory Group
|
Dr. Dan Kneer Advisory Group |
|
|
Auditing Paperless ApplicationsThis course is for both IT audit and non-it auditors. What we are talking about here is the audit of a core business process which has been transformed into a paperless (likely more real-time) application. We will skip the old, and tired argument (e.g., an audit is an audit) by simply saying that your assertions don’t change as the application goes paperless, but you risks and objectives (and thus scope) sure does expand. We’ll use the CobiT, the IIA GTAG/GAIT and the SASs to give us a proper control framework. Then we’ll look at controls at the development, access and production/process environments. Let’s not make this overly complicated; it's still a business process that we are looking at. It has simply changed its form, and platform … which changes some risks. In it’s new form, this core process probably “touches" business partners (B2B), governmental agencies (G2B) and consumers (C2B) more easily. (That’s a GOOD THING for business; possibly a scope issue for auditors). But the good news is that this process IS auditable. We just need to stand back, and “see it as it now is.” |
|
Copyright © 2009 Dr. Dan Kneer Advisory Group.
All rights reserved. Last Updated: 30 July 2010 |
