Skip to main content

Auditing Business Application Systems (0FFERED Virtually)

Back to Course Schedule
Date(s): Jul 14, 2020 - Jul 15, 2020
Time: 8:15AM - 4:30PM
Registration Fee: $429.00
Cancellation Date: Jul 07, 2020
Location: Online

Course Description



This two-day seminar is designed for financial, operational and information technology auditors who need to perform business application audits. Focusing on a top-down, risk-based approach you will learn how to assess key risks and controls in each stage of the application processing cycle and how to prioritize your audit approach to achieve optimal results in an effective and efficient manner. Discussions will include all aspects of a business application, including completeness and accuracy of input, processing and output.


You will learn techniques for identifying, prioritizing, assessing and evaluating application controls and procedures. You will leave the seminar with real-world examples of application control risks, control objectives, key application control assessments and testing techniques.

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: BEGINNING
Category: 02 Auditing

Course Objectives

Upon completion of this course, participants will be able to:

  • Identify types of business applications and transactions and associated risk
  • Use tools to perform business application audits
  • Recognize key risks and controls in the states of the application processing cycle
  • Test and document application controls


Introduction to Business Application Systems
• types of business applications
• objectives of an application audit
• application control ownership
• integrated auditing
• data vs. information


Business Application Transactions
• transaction-based application auditing
• application risk assessment factors
• establishing audit priorities 


Top-Down Risk-Based Planning 
• planning the business application audit
• defining the business environment 
• determining the application technical environment
• performing a business information risk assessment
• identifying key transactions
• developing a key transaction process flow
• evaluating and testing application controls 


Application Controls
• business application audit objectives
• application transaction life cycle
• transaction origination
• completeness and accuracy of input, processing, output
• output retention and disposal
• user review, balancing, reconciliation


Testing Application Controls
• testing automated and manual controls
• testing alternatives
• sample size
• negative assurance testing
• types of audit evidence
• CAATs & data analysis


Documenting Application Controls
• evaluating and documenting internal controls
• internal control questionnaires
• narratives
• flowcharts / process flows
• risk / control matrix


End-User Computing
• end user computing risks
• practical steps for evaluating spreadsheet controls


Auditing System Development Projects
• identifying business risks
• audit’s primary objectives
• traditional system development life cycle
• rapid application development
• managing audit involvement




No prerequisites required.Participant will need an internet connection, computer/laptop/tablet, speaker and microphone to participate in the class.


Richard H. Tarr

Richard Tarr is an audit and information systems consultant and President of Richard Tarr and Associates, a consulting practice that specializes in application and general control reviews and networks including the development and training of integrated internal auditing functions; quality assurance reviews; strategic planning; business continuation planning; and project management.

Mr. Tarr has more than 20 years in audit and information systems, with additional experience in the design and implementation of large financial and operational systems, includes hotel management and reservations systems and networks. He has managed complex development projects as well as participated in the design and acquisition of software and hardware architectures for both centralized and distributed environments. In addition he has had extensive experience in the development, training, and evaluation of internal audit departments in both government and industry.

Previously with the Walt Disney Company, he initiated and developed the information systems audit function, and served as the Corporate Information Systems Audit Manager. Mr. Tarr was a senior systems engineer with Electronic Data Systems (EDS), where he designed and implemented applications for financial industry clients. He has started and managed corporate audit functions, managed information systems development project teams and has supervised programming staffs in both government and industry. He was the Manager of Quality Assurance Review for the Institute of Internal Auditors (IIA) and is the author of the IIA’s publication Establishing an Internal Audit Function.

Among the seminars Mr. Tarr teaches for MIS are Sarbanes-Oxley for IT Auditors, Using COBIT in Your IT Audits, Auditing IT Governance, Sarbanes-Oxley: A Roadmap to Compliance, IT Audit School; IT Auditing and Controls, How to Audit Automated Business Applications, and How to Perform a General Controls Review. He also teaches Fundamentals of Internal Auditing, Advanced Auditing for In-Charge Auditors, and Data Driven Auditing: A Business Approach.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

Back to Course Schedule