Checklist for Auditing Applications

- Review and evaluate data input controls.
- Determine the need for error/exception reports related to data integrity, and evaluate whether this need has been fulfilled.
- Review and evaluate the controls in place over data feeds to and from interfacing systems.
- In cases where the same data are kept in multiple databases and/or systems, periodic ‘sync’ processes should be executed to detect any inconsistencies in the data.
- Review and evaluate the audit trails present in the system and the controls over those audit trails.
- The system should provide a means to trace a transaction or piece of data from the beginning to the end of the process enabled by the system.
- The application should provide a mechanism that authenticates users based, at a minimum, on a unique identifier for each user and a confidential password.
- Review and evaluate the application's authorization mechanism to ensure that users are not allowed to access any sensitive transactions or data without first being authorized by the system's security mechanism.
- Ensure that the system's security/authorization mechanism has an administrator function with appropriate controls and functionality.
- Determine whether the security mechanism enables any applicable approval processes.
- Ensure that a mechanism or process has been put in place that suspends user access on termination from the company or on a change of jobs within the company.
- Verify that the application has appropriate password controls.
- Review and evaluate processes for granting access to users. Ensure that access is granted only when there is a legitimate business need.