Scope Based Application Audit


The Web Application Security Test Checklist was developed specifically for performing security tests on web applications. With over 90 different controls, this checklist is the standard for security testers.

Generic Application Audit

The first set of new audit/assurance programs (‘audit programs’) based on COBIT 5 will be for conducting assurance over a process. The programs are aligned with generally accepted auditing standards and practices and are based upon the overall assurance engagement approach which is divided into three phases:

• Phase A: Determining the scope of the assurance initiative
• Phase B: Understanding enablers, setting suitable assessment criteria and performing the assessment
• Phase C: Communicating and reporting the results of the assessment.

The audit programs are fully aligned with COBIT 5:
• They explicitly reference all seven enablers. In other words, they are no longer exclusively process-focused; they also use the different dimensions of the enabler model to cover all aspects contributing to the performance of the enablers.
• They reference the COBIT 5 goals cascade to ensure that detailed objectives of the assurance engagement can be put into the enterprise and IT context, and concurrently they enable linkage of the assurance objectives to enterprise and IT risk and benefits.

The audit programs are comprehensive yet flexible. They are comprehensive because they contain assurance steps covering all enablers in quite some detail, yet they are also flexible because this detailed structure enables clear and well-understood scoping decisions to be made. That is, the assurance professional can decide to not cover a set of enablers or some enabler instances and, while the decision will reduce the scope and related assurance engagement effort, the issue of what is or is not covered will be quite transparent to the assurance engagement user.

Executive Summary

Firewalls have become victims of their own success. These ubiquitous network security devices are the first line of defence for the business network, examining an endless stream of network traffic against a set of established rules. Over time, the exponential growth in web applications, e-commerce, communication tools, and networked business applications has led to a similar exponential growth in firewall complexity. In a typical organization today, a single firewall may be configured with thousands of rules to define network access policies, allowed services, routing rules, and more.

A firewall is a device or collection of components placed between two networks that collectively have the following properties:
• All traffic from inside to outside, and vice versa, must pass through the firewall.
• Only authorized traffic, as defined by the local security policy, will be allowed to pass.

Application function

Applications supporting business processes and ERP systems have numerous built-in control functions (controls), which support the operation of a particular department or are used to prevent errors or fraud (examples include approvals based on amount thresholds, control reports, and data input and transfer controls). As a result of our audit we identify missing controls and control deficiencies, and provide recommendations for correcting them. We can also identify, map and assess the compensating controls that address deficiencies in the controls built into the systems. Compensating controls are meant to reduce the risk arising from system control weaknesses; a typical example is the subsequent manual reconciliation of an improperly functioning interface. As a specialty, we have significant experience and a dedicated toolset for reviewing SAP-related IT and business controls.

E-Business Suite

Most Oracle E-Business Suite implementations do not fully take advantage of the auditing and logging features. These features are sophisticated and are able to satisfy most organizations’ compliance and security requirements. The default Oracle E-Business Suite installation only provides a basic set of logging functionality. In integrity’s experience, the implementation of database and application logging seldom goes beyond meeting the needs of basic debugging. Most organizations do not know where to start or how to leverage the built-in auditing and logging features to satisfy their compliance and security requirements. Even organizations already using centralized logging or Security Information and Event Management (SIEM) solutions, while being more advanced on the Capability Maturity Model (CMM), in integrity’s experience are commonly challenged by the E-Business Suite’s auditing and logging features and functionality.

Systems Applications Products

A Systems Applications Products audit is an audit of an SAP computer system to check its security and data integrity. SAP is the acronym for Systems, Applications and Products. It is a system that provides users with a soft real-time business application. It contains a user interface and is considered extremely flexible. In an SAP audit the two main areas of concern are security and data integrity.

CBA Audit

The rapidly expanding banking sector, with emerging progressive trends due to globalization, liberalization, increasing environmental complexity, regulatory requirements and accountability, has brought about new demands to manage and achieve assurance needs. In the area of assurance, typical challenges that banks face today are:

• Increasing regulatory and security requirements.
• Effective risk management to maintain competitive edge.
• Providing superior levels of customer service.

We understand our banking customers’ needs clearly and contribute to their business excellence by strengthening their controls and providing simple, robust mechanisms to maintain the cutting edge. Our highly mature, proven and effective solutions in risk analysis, risk and compliance audit, IT risk assessment and audit, compliance risk management, and other allied areas provide a bouquet of benefits for banks.

Financial Software Audit

The ERP/Software Audit involves a detailed review and validation of the existing ERP/software system in terms of its functional performance. A full-fledged mapping of the existing business processes against the application software is carried out. Based on this mapping, the utilization of all functional modules is captured and evaluated.

An important factor for the success of any application implementation is the level of utilization by its users. The audit analyses, records and evaluates this utilization. Further, the existing access controls of the users are reviewed and a detailed analysis of MIS reports is performed.