Business Process Applications and Controls
Working knowledge of the business environment and business objectives is required to plan a risk-based audit. The IS auditor should have a sufficient understanding of the overall architecture and the technical specifications of the various applications used by the organization and the risks associated with them.
In understanding the issues and current risks facing the business, the IS auditor should focus on areas that are most meaningful to management. To effectively audit business application systems, an IS auditor is required to gain a thorough understanding of the system under the scope of the audit.
The following are some of the widely used applications in business processes. The CISA candidate should be aware of the risks associated with each of them.
E-Commerce
Start with understanding how e-commerce works:
- Single-tier architecture runs on a single computer, that is, a client-based application.
- Two-tier architecture...