GTAG-8 Auditing Application Controls: Glossary
Most common ITGCs:
• Logical access controls over infrastructure, applications, and data.
• System development life cycle controls.
• Program change management controls.
• Data center physical security controls.
• System and data backup and recovery controls.
• Computer operation controls.
Application controls
Application controls are specific to each application and relate to the transactions and data pertaining to each computer-based application system. The objectives of application controls are to ensure the completeness and accuracy of records and the validity of the entries made resulting from programmed processing activities. Examples of application controls include data input validation, agreement of batch totals, and encryption of transmitted data.
Segregation of duties
Controls that prevent errors and irregularities by assigning responsibility to separate individuals for initiating transactions, recording transactions, and overseeing assets. Segregation of duties is commonly used in organizations with a large number of employees so that no single person is in a position to commit fraud without detection.
Data input controls
Data input controls ensure the accuracy, completeness, and timeliness of data throughout its conversion after it enters a computer or application. Data can be entered into a computer application through a manual online input or automated batch processing.
Data output controls
Data output controls are used to ensure the integrity of output information as well as the correct and timely distribution of any output produced. Outputs can be in hardcopy form, such as files used as input to other systems, or can be available for online viewing.
Data processing controls
Data processing controls are used to ensure the accuracy, completeness, and timeliness of data during an application's batch or real-time processing.
Enterprise resource planning (ERP)
ERP denotes the planning and management of resources in an enterprise, as well as the use of a software system to manage whole business processes and integrate purchasing, inventories, personnel, customer service activities, shipping, financial management, and other aspects of the business. An ERP system is typically based on a common database, integrated business process application modules, and business analysis tools.
Risk
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
IT general controls (ITGCs)
These controls apply to all systems components, processes, and data for a given organization or IT environment. The objectives of ITGCs are to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations.