Assessing IT General and Application Controls: Basics for Internal Auditors
Skip Ribbon Commands
Skip to main content

This system library was created by the Publishing feature to store pages that are created in this site.

Assessing IT General and Application Controls: Basics for Internal Auditors

courseType Technical Skills, Non Financial Sector

Course preview

No content to display

Course content

General course details

No content to display

Show interest form

Please fill this form and you will get notified when a new session is available.

* * * * *
  terms and conditions.

*  required information

Contact PwC's Academy

Phone +352 49 48 48 4040

PwC's Academy
2 rue Gerhard Mercator
L-2182 Luxembourg
map & driving instructions

cancellation policies

general terms and conditions

Cofinancement de la formation: les nouvelles dispositions législatives 2018

Pour plus d'informations veuillez consulter notre article.

Ou directement : Lifelonglearning​​

Interested in a in-house workshop?

Please let us know if you are interested in organising this training course as an in-house training workshop.

Send us more information

Related courses

General course details


Not only is a large percentage of internal controls essential to today's organisation’s proper operations, but possible control deficiencies in the IT systems will also exert a greater impact on the company’s operations (especially in highly automated environments).

Thus, it is vital for internal auditors to cover IT risk in the audit universe - in particular, testing the IT General Controls and Application Controls to ensure confidentiality, integrity and availability of IT systems and data. Testing those controls also allow to improve effectiveness and efficiency of IT systems and processes, as well as, to provide IT-related assurance to Management.

In this respect, as Internal Audit (“IA”), you are likely to face the following challenges:

- You have to integrate IT Risks within your audit plan,
- You realise the benefits of an integrated audit approach but do not know how to implement it
- In case of a significant update of the IT infrastructure or a new application, you know that this will represent a key aspect of your annual plan, but you don’t know how to approach it to provide sufficient assurance
- If your company launches a new service through the web or will start Electronic Data Interchange with key suppliers, how will you be involved to be able to provide an assessment before the go-live?

To assist you in facing these challenges, PwC's Academy offers this dedicated training programme designed to provide internal auditors with the concepts and practical tools on IT General and Application Controls necessary to scope, execute and report on an IT audit.


Upon completion of the course, the participants will be able to:
  • Describe how an IT audit can be integrated with other audit reviews
  • Develop an IT audit plan
  • Refer to and use well-known frameworks and existing materials to scope, execute and report on an IT audit
  • Assess an IT control environment
  • Identify key IT risks and test key controls in relation to information security, systems development, program changes and computer operations
  • Identify the different types of application controls, their related objectives, and how to test them
  • Analyse and report IT exceptions


Introduction – IT audit in perspective
  • Relevance of Information Technology
  • IT environment
  • IT audit definition and objectives
  • The COSO framework
  • Information Technology General Controls (ITGCs) 
IT auditing standards
  • IT Assurance Framework (ITAFTM)
  • Standards: COBIT, ITIL and ISO
  • IT Assurance Guide Using COBIT®  
Developing the IT audit plan
  • Types of IT audits
  • Developing the IT audit plan
  • Integrating IT audits in other audits
  • Common pitfalls
  • Toolbox
  • Controls testing strategies
  • Treatment of exceptions
ITGC in details- IT control environment
  • The COSO framework
  • Applying COSO to IT
  • Exercise
ITGC in details – Information Security, program changes, systems development and computer operations
  • Main points of focus (key risks)
  • Types of tests
  • Examples of controls / tests
Application controls
  • Definition
  • Application Controls vs. ITGC
  • Types of Application Controls
  • Flowcharting of business processes
  • Control Matrix
  • Testing
  • Sample audit plan

Target audience

  • Junior and experienced internal auditors with no or limited experience in IT audit, who want to understand how they can make the link with work done at IT level and how they can contribute to the scoping of IT audits
  • Junior and experienced IT specialists, recently integrated into an internal audit department and with no or limited experience in audit who need to be able to define IT audit plan and execute audit assignment, fully aligned with the company audit universe.


This training will be coordinated by Pierre François Wery, Partner of Risk Assurance Services, PwC Luxembourg.
Pierre Françcois Wery, 
Responsible for Governance, Risk and Controls, Pierre-François is Réviseur d’Entreprises Agréé, Master in Law and Certified Fraud Examiner.
He is a Board Member of the Institute of Internal Auditors Luxembourg (IIA) and he is a member of the Luxembourg association of Compliance Officers (ALCO).
He has  22-years experience in Internal and External Audit, Forensic and Advisory services in the financial, commercial and industrial sectors in Luxembourg.



This course can also be delivered in French.

Number of participants

Limited to 15 participants to ensure the right level of interactivity.


2 days

© 2019 PricewaterhouseCoopers Academy S.à r.l. All rights reserved. "PwC" refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
This website uses cookies to provide a personalized browsing experience and appropriate site functionality.
By using this site, you agree to our use of cookies as outlined in our cookies policy. More information