Audit Services

Application Security Audit

An application system security audit pertains to an audit of a specific application system or business process. The audits can be performed during system development, post-implementation, or on a regular basis (e.g annually).


Objective of This Assessment

Ensure the effectiveness of security controls implementation according to the design documentation and requirements
Ensure the implemented controls sufficiently mitigate the identified risks
Ensure the effectiveness of system application security

Approach & Methodology

An Application Audit, should, at a minimum determine the existence of controls in the following areas:

System Application Development & Acquisition
Application Control Review, which consist of security control during input, process and output phase.
IT General Control Review of the IT Operation Run and Support
Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
End User Computing Support
Third Party and Outsourcing Services Monitoring and Control

Step 1

Audit Plan, Objective & Scope.

Step 2

Preliminary Assessment & Information Gathering.

Step 3

Evidence Collection & Evaluation

Step 4

Documentation & Reporting