Self-validating controls
Application controls are controls over the input, processing, and output functions. From the 30,000-foot view they include things like: Both automated controls and manual procedures should be used to ensure proper coverage.
Once all the tables are updated successfully (atomicity), we set a flag in the transaction log to say that the particular transaction has been successfully applied. For this reason, direct access to data (specifically, “write”, “change”, and/or “delete” access) should be restricted and monitored. There are a variety of techniques, and my favorite is to write my own “Test Data” and then run it through the “Production” system. As an auditor you will want to make sure that you begin your testing of the application as soon as individual units are finished, and you can call that pre-integration testing. But in order to accomplish this you will need to ensure the existence of an ITF (Integrated Test Facility). Applications are here to stay, some large (SAP, PeopleSoft) and some small (QuickBooks), but there will always be applications and there should always be auditors to check that the controls are in place to ensure CIA. Editing procedures are preventive controls designed to keep bad data out of your database.
ISACA lists several Data Validation Edits and Controls; among them are: Processing controls are there to ensure that the incoming data is processed according to “Hoyle.” No, I’m not being facetious: just as Hoyle established rules for playing cards and other games, so too do business process owners establish rules for how particular data is to be processed through the application.
When we talk about input controls for applications we must look at: Authorization of input is just that: the data has been properly authorized to be input into the application system.