(HAPTCA - 08

APPLICATlON CONTROLS

Q APPLICATION ? otware8
Applicat,o
9. APPLICA UON Co)thol a | ? ’ Viquo to each
a,
4 Abp catioy Conhol d Key leoruts
?
Kisks to ttie ydudi de d Autty

spe cific Softoare used

is q
ppieatonloticatien Bysines procas. 9+ Coutd ae
he q
perfonm q Spe ific an inueutsy aytan
to
system,
Payoll system, q
Enterbrise Rasarce Syetan(ERRY
postibly,qn indeqratid
nterbrise Resource Pahning
SRP -
Cott hau dinet imbact
’ Aicion Hieus.
indijdual trqnsac
Procasing od
Contos Rauies a Business
AT Auditor etity

design eperation d
nternal Contos, d inclpendaut
eHte efetiueness iccency Aprictien
fott
qssesemeut Proujda oszrr shecial AHentien-k
Relet ns
& jssue

tsqusaciona
-y Apphcoton Contas,individual
etopictiy
clioeby selatrq , tor a Auditur o
 dat) appiction Reuie Aþroach, ifferet t 0ft
cudit GH audit vary 49t

ABication Reuiew- Miqut be focuse on

Staudards cowapliqu e
how bySines gules qu ranalat o
Jesforwanco Aidit
into tue obrlicatien

nfoseti on Security - focus nigy be on absonag

Anay s CIA Data.

Abpli cation Rauiew ycle.

under staudingtte
\business poces

Applicstion
Conols

RisK fdbti fcaten)

( hder stauding te Business oceys
pro ’
Gbtujn qn overujew tue busin bro s
dutowatol by tue arlicatien its Ruly, qctors,
ou's, Roles qud reatad CouAiqnce guYeweut ?
ith tis auditur is asle to wrify tue Cogikuc
od He abication Contos nd the aouatad prces.
To lbelter Undnstualiug t bubihess dudit teqm wigut
neet to husiness Mqnagus Terecutiy ad key Usel
 Apiatio aud its enuiron met;.
- Stuayy qud behaui sur ty apl;tion
ihen by
æReuiewinq Docuneutetion (orgori odion dingas,

(Ö) R Snter vjeojng ky Personne).

<3> Risks I deudi ficati on:

Mainly to idudity isk associtud bwits tu

abalicatey
buines actiwty /functieg Serue by tue
risk que hand le by
qud to See how tuee

to adtress
Used to address tus eribeut Risks.
Accesing Contos'- Used
<4> Accessing

Koy Eeneut od Aþþli coti on Conhols

<1) Ioput Conto
Conto
Procsing
<3) autput Controt
<4) Appliction Security lontrot
’AFicati on Controt eusUIe qud pokct tue qccua4,
oeliability qud Confidutiality infuratien.
intgrity, tsangachËon cne auttor|Sed,
1T ensure thatjnutiatien earded.
Valid inbut data js procesed Raagrad ad
 eleueut
neseoulet qud qceurqy autantety,
adequte dgo, tor inhut god thrugh
mjsed mjnj t be Cqn
inteface yskm manual becqn ut in Pata
incotion abhli tue Dy
Mannen. iwely
qcupted 'js dotaCoblete qud eliableAccyzote,
authoristien eratien, prep dota
so
tt eutry qud
gud vaidat to
ate
act tue autheucti obiechie
ot The
Contr þuin the
aue Sbeciue
frocadyres
Managamet Pocumeut Source ()
Checks
Cantrols?: Snput flemete
Contols;. þut In<1>
<9 f'soesSi ug Controls.
Objectiue o Seek to protect data iutay ,volid ty
ogiat pro cesivg orvess
audaeliabiity ad uard
sausachon poceoi
Hue

valid data (iugutdota) is

Ao esy tuat ero
erONelus
Guce
Qud dtactien ot
Poocassedl daes not disrut
tansacien
toasachons.

nude
Sequsuce ad dafticatiog
Gcleckiug fr tionRecosd Cout
transac
eTpor trrs
ntegity checka, Contaof aud
Kfeania
check aud
Hash otols ag
buter uer plo

Control
ceckig
excapion qud suspeuse
tetos pectiue bot
acceut Batorti
 <3> Butput Cotrot
-fo eusure Huat trqusacti' on Gutput
is Conplete, accurat qud Corretly
ishibutad.
Aso geetk to pdtkct data, po aased
Nodification qd cistibution

Abpicotien Secuoi ty Control:,

<4> Aþi
information att e
sejeciue Jo Maiutçn C.I.A o
otplicatin layee.
Yndiuidual User lDs
Aplicatious Cau be acaoset thregs
co Sso (singe -Siqn-on) Mechauisms.
dud pass nwTds
Atpli cation USer f

jsiojg Conto i t
de- pro
troi siou
ypli calion Secur ty
oes, Qud
Auditss need 4o Understaut te atrs,
 Auditable issws phcalo, Stcoprty

(2) Trashil, t Transachiens

. ransactjen
Use
qud

Nanagenent lemussjon qud Paswod

(i) User qcovut,

gust,test qud Geuerjc a(6uts ,

Use od
and adniui stoatnCentls,
foialedod Vokju Aces
frocadyes fer grautiuq aud Re
þrocedure qud accUS Contof
-Job teshntion
tho least piuilege prinaple
Adoptior of qccess fo prodycio9
-IT deueloþyeut fean
dotabase quat
- fommal Proadares fee apfoa

Gnforcayent Passw eutnfhons, e

 Comos to esure tha
Slaudig (3 ounet) doti fotcio
- Ameudmeuts to stqudig data ae authmced

made,
changos
data is up. to dote qud accbrat
mtegrrty te Masteriles is Muntojd,
Bhlier amt caast custonesr datail
Shaigdata ’ sbþhone tlo. e ndo)
(Nae, aldres
nfltion Rats, yshem adistration
data (sueh as pass word files qud ar
Con trof perinjssjong

dties aud Begregston dy htii

-dfeveat User Rales

availabe Per each bUser þrotile

Accees gt duty

Rchs To tu Audited Antiy:

Businey
Usualy Based on tue Natise

eal disastery aud loN f liues

dis sotisfa tion to senica
May loee Narket shnt ifg
ojos salion
be como unauaioble
shautnd cgn lead
Abseuce
to Cout Suits:
(4) In He absere Tntut Controls:
- Data ro Ceyye d by afpli caton qt be in tousisteut
qud
In te abseu co ert Propee input con fros aw teo
fraddat oaigot

AA Popen Ma hagewsnt d Sore docy weut qud

also qn
dota eut authsojsatog

Inportaut Kiud y inhut Controt.

9, tue obgeuca Ppauper managemed
not be

Possible to tace te oure inforNdi

g Counliouco nignt net be acicund

be
infimged
(3ooj4)
bwelied datg nay be inserted ntta te
obpieaton.

(2) frocong
erors qud tail tomet
-May kead to poceing
bui hes

toansachiond
 (3) bsen ce Guctput lontos:
-May kead to tisks o onautho nsed data moditton
(reation Cutomised Manageut
qud bregch dta congideutjlihy.

( Aplicti on Secyntyi
Mecha wsms

may wate t
35o mdiuul userID 2Paxs oerd)
mis hahai Gur batk to t u
ble to trace
/mþossi
dut.
secunty may lea to
- Lack y Apliction enity,
ConsequeyCas itn vonyiy degree d

loss od in(omey
L seria disution
loss d Cred bilit
y Busines mieruption

y qud ntellectul property abuse.