Auditing ITGCs and Application Controls
Master the essentials of auditing IT general controls (ITGCs) and application controls. Learn how to evaluate design and operating effectiveness, identify red flags, and document audit findings through real-world case studies and practical examples.
Course Description
Course 4 of 9 in our IT Auditing Learning Path! Auditing ITGCs and Application Controls is an intermediate-level course designed for auditors, accountants, and compliance professionals who want to strengthen their IT audit skills. You’ll gain a practical understanding of how ITGCs form the backbone of secure systems and how application controls safeguard data integrity within business processes.
Through case studies, walkthroughs, and guided audit examples, you’ll see how these two layers of control interact, where common red flags appear, and how to adapt audit procedures when deficiencies are found. The course also explores ERP and cloud-based SaaS environments, giving you tools to address today’s most common IT audit scenarios.
By the end, you’ll be equipped to perform effective, well-documented audits that provide assurance over both IT infrastructure and application-level processes.
This course covers topics that align with concepts addressed in Domain 4 of the Certified Information Systems Auditor (CISA®) exam framework. It is not affiliated with, endorsed by, or sponsored by ISACA®, nor does it guarantee exam preparation or certification outcomes.
In this course, you'll learn...
Course Objectives
To identify the key components and objectives of ITGCs and application controls in an audit context.
To plan and execute ITGC testing procedures, including walkthroughs, sampling, and evidence documentation.
To recognize common deficiencies and red flags related to ITGCs and application controls.
To evaluate application controls over input, processing, output, and interfaces to ensure data integrity.
To apply business rule validation and exception handling audit techniques to real-world scenarios.
To assess the risks and unique considerations when auditing SaaS and ERP-based systems.
How you'll apply these skills...
Evaluate ITGC Effectiveness: Test access, change management, and backup processes to confirm controls are designed and operating as intended
Spot Red Flags: Identify weaknesses such as stale accounts, missing change documentation, or weak segregation of duties before they become audit findings
Test Application Controls: Validate input, processing, output, and interface checks to ensure data accuracy and completeness across systems
Audit ERP & SaaS Systems: Apply control testing techniques tailored to enterprise platforms and cloud-based applications
Document Audit Findings: Build clear, evidence-based conclusions with impact statements, root cause analysis, and management action plans
Strengthen Audit Efficiency: Leverage strong ITGCs to reduce testing volumes, rely on automation, and streamline audit fieldwork
Course Instructor
Michael Carroll, CPA, CISA, CISM
Michael is an accounting and information security professional. He is also an Adjunct Professor at several higher education institutions, where he is responsible for teaching various accounting and information technology courses.
Michael earned his MBA in Accounting and B.S. in Accounting / Accounting Information Systems from Canisius University. Additionally, Michael is a Certified Public Accountant (CPA) and a Certified Information Systems Security Professional (CISSP). Michael is a current member of the NYCPA’s Education Committee and has been an Advisory Board Member for the Academy of Finance (AOF) since 2020.
Michael enjoys traveling, hiking, and watching the Buffalo Bills. He has also participated in several marathon events.
Additional Info
Format
5-20 min. videos, 2 quizzes, and a final assessment
Field of study
Auditing
CPE Credits
CPEs 3.0
Prerequisites
Completion of the first 3 courses in our IT Audit Learning Path is recommended.