Auditing Embedded Controls
Controls embedded in applications present particular issues to auditors. Even their detection can require some technology experience. Understanding and auditing them even more. Also, they may be in the system but not used by important business processes. Or the risks they cover may be compensated by manual controls.
Providing assurance on such controls requires IT Assurance expertise as well as a thorough understanding of the related business processes. Therefore such work is often carried out on a collaborative basis.
This is one of the messages in an article on Deloitte's Information and Controls Assurance Website. It's a relatively new site of Deloitte Global Services with useful information for assurance providers and others with an interest in or responsibility for controls. Check it out here.