Application audit

What is an application security audit?

An application audit identifies, documents, tests and evaluates the application's control schemes that the organization has put in place to achieve appropriate control objectives (in accordance with ISACA standards and guidelines and the COBIT methodology).

What are the stages of the application audit?

Stage 1: Planning

Getting acquainted with the mission, goals, responsibilities and structure of the company. This stage defines the risk level of the application.

Stage 2: Initial Analysis

Becoming familiar with data management procedures, media storage, database handling and relevant applications.

Stage 3: Audit

Examination of general control mechanisms (COBIT method) operating in the area under analysis, for example change management, service efficiency and system security.

Stage 4: In-depth Audit

Identification of application controls, documentation of high-level data flow and application of control mechanisms (depending on the level of risk and previously adopted goals).

Stage 5: Report creation

Preparation of the final report and delivery of its findings to the Client’s management. The report lists, among other things, detected weaknesses resulting from the lack of control mechanisms or their non-compliance.

Why choose an application security audit?

An application audit is a well-defined process: it starts with defining the aims and the most common pitfalls in a given type of application, continues with in-depth testing, and ends with the final report. The audit analyses a wide spectrum of control mechanisms, including but not limited to process management, external services in workflows and the usual issues found in applications.