Scope of Application Security Memo

Subscriber Content
Screenshot of the first page of Scope of Application Security Memo

This memo outlines the assumptions and decision criteria used to scope the documentation efforts around application security.

In this sample, management classified application security as a high-risk process. Management evaluated several attributes and concluded that the process holds the following attributes: highly dependent on manual intervention, has a lack of segregation of duties in key tasks, is moderately people dependent, and involves a moderate level of judgment or assumption. In addition, management considers application security an IT entity–wide process and therefore its control environment affects all financial statement elements.


Topics
IT Risk
Risk Assessment
IT Audit
IT Controls
IT Security
Internal Controls

Related Resources

Audit Programs

Application Security Review and Testing Audit Work Program

Audit Programs

Application Controls Audit Work Program

Audit Programs

Systems and Application Audit Work Program

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It