Application controls audit framework in the context of ERP systems
Article Sidebar
Issue Vol. 22 No. 2 (2026)
-
Path planning in swarm robotics exploration using SARSA and ACO algorithms
Aicha HAFID, Riadh HOCINE, Lahcene GUEZOULI1-15
-
Detection of suspicious facial objects in neutral ATMs using deep learning architectures based on YOLOV8 and Faster R-CNN
Marco Manuel ARAGON PAUCAR, Kelvin Yhonson FERNANDEZ ACERO, Erasmo SULLA ESPINOZA16-32
-
Assessing the effectiveness of one-stage and two-stage methods for identifying high-voltage power grid equipment in UAV imagery
Thi Thanh Tan NGUYEN, Thi Thu Nga VU33-47
-
An automatic speech recognition approach for controlled medications prescription with natural language processing
Luis Enrique COLMENARES-GUILLÉN, Angel Axel MÉNDEZ-MENESES48-66
-
Improving image retrieval using CNN with PCA and Optimized K-Means clustering
Mohsin Hasan HUSSEIN, Ali Mohsin Ahmed AL-SABAAWI, Zakaria A. Hamed ALNAISH67-84
-
Numerical investigation into the hydrodynamic characteristics of water vortex turbines with varied blade angles
Sarwo EDHY SOFYAN, Zamzami, Akhyar AKHYAR, Suriadi, Agus SASMITO85-104
-
Optimization of the corporate cluster structure using the Tabu Search method
Andrzej IMIEŁOWSKI, Łukasz BANAŚ, Bogusław TWARÓG, Janusz BYTNAR105-116
-
Application controls audit framework in the context of ERP systems
Sakchai TANGPRASERT, Nalinpat BHUMPENPEIN117-125
-
Autonomous AI agents in digital markets: Economic implications for competition, pricing, and regulation
Elmira KYDYRBAYEVA, Balhiya SHOMSHEKOVA, Asset ABZHAKOV, Ainur ASHIMOVA, Assel NURTAYEVA126-137
-
Multi-criteria analysis of parameter impact in large-scale robotic 3D printing
Łukasz SOBASZEK, Ivan GAJDOŠ, Pavol ŠTEFČÁK138-147
-
Designing cloud-based knowledge management systems to improve organizational innovation
Hayfaa Subhi MALALLAH, Sherzad Mohammad AJEEL148-168
-
Data normalisation methods on microarray data
Inggih PERNAMA, Shir Li WANG, Hoi Yeh LEE, Suliana SULAIMAN, Hasnatul Nazuha HASSAN169-179
-
Log-based learning analytics of gamified Moodle activities: Quantifying student engagement
Iva GRUBJEŠIĆ, Tomislav IVANJKO, Vedran JURIČIĆ180-192
-
SFAB-Net: Semantic segmentation network for railway track surface defects based on Spatial Fusion and Adaptive Bottleneck feature enhancement
Qike WU, Sharafiz ABDUL RAHIM, Sai Hong TANG, Muhammad Azim AZIZI, Li ZHANG193-207
-
Machine learning approach to detect GAI-disguised academic programming plagiarism
Oscar KARNALIM, Yehezkiel David SETIAWAN, Maresha Caroline WIJANTO, Rossevine Artha NATHASYA208-224
Archives
-
Vol. 22 No. 2
2026-06-30 15
-
Vol. 22 No. 1
2026-03-31 15
-
Vol. 21 No. 4
2025-12-31 12
-
Vol. 21 No. 3
2025-09-30 12
-
Vol. 21 No. 2
2025-06-30 12
-
Vol. 21 No. 1
2025-03-31 12
-
Vol. 20 No. 4
2024-12-31 12
-
Vol. 20 No. 3
2024-09-30 12
-
Vol. 20 No. 2
2024-06-30 12
-
Vol. 20 No. 1
2024-03-30 12
-
Vol. 19 No. 4
2023-12-31 10
-
Vol. 19 No. 3
2023-09-30 10
-
Vol. 19 No. 2
2023-06-30 10
-
Vol. 19 No. 1
2023-03-31 10
-
Vol. 18 No. 4
2022-12-30 8
-
Vol. 18 No. 3
2022-09-30 8
-
Vol. 18 No. 2
2022-06-30 8
-
Vol. 18 No. 1
2022-03-31 8
Main Article Content
Authors
Abstract
The role of business operations driven by information technology systems is crucial, particularly the use of Enterprise Resource Planning (ERP) systems. Within organizations, both operational staff and management engage with ERP systems, which introduces potential vulnerabilities to operational errors or fraudulent activities. Consequently, auditing application controls becomes a matter. This study conducted a Systematic Literature Review (SLR) to investigate the scope of internal audit, with a focus on application control and associated risks. Based on the SLR results, an application controls audit framework for ERP is proposed. It consists of ten essential controls that must be implemented, including the software development process, access control, input control, process control, output control, change control, incident control, legal and ethical control, information security risk management, and continuity control. The framework evaluation, based on two case studies, demonstrated high effectiveness and received positive feedback from IT auditors, auditees, management, and executive boards.
Keywords:
Sustainable Development Goals (SDG)
- 9 - Industry, Innovation, Technology and Infrastructure
References
Agarwal, P., & Gupta, A. (2024, May 3–4). Cybersecurity strategies for safe ERP/CRM implementation [Paper presentation]. 2024 3rd International Conference on Artificial Intelligence For Internet of Things (AIIoT). https://doi.org/10.1109/AIIoT58432.2024.10574707
Aniskina, N. N., & Sorokin, A. V. (2020, September 7–11). Risk management in running ERP-based process model of integrated group of companies [Paper presentation]. 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). https://doi.org/10.1109/ITQMIS51053.2020.9322891
Anshory, B. J., Sfenrianto, S., Kaburuan, E. R., Peranginangin, E., & Fadhila, Q. (2018, October 23–26). Information system audit in SaaS start-up company using COBIT 4.1 focus on deliver and support domain [Paper presentation]. 2018 International Conference on Orange Technologies (ICOT). https://doi.org/10.1109/ICOT.2018.8705886
Anthony Jnr, B. (2019). Validating the usability attributes of AHP-software risk prioritization model using partial least square-structural equation modeling. Journal of Science and Technology Policy Management, 10(2), 404–430. https://doi.org/10.1108/JSTPM-06-2018-0060
Cloete, R., Norval, C., & Singh, J. (2020). A call for auditable virtual, augmented and mixed reality. In Proceedings of the 26th ACM Symposium on Virtual Reality Software and Technology. Association for Computing Machinery. https://doi.org/10.1145/3385956.3418960
Costin, B. V., & Dorian, C. (2019, October 9–11). Global rollouts - risks and factors that affect ERP solutions in Romania - A case study in the sales and distribution area [Paper presentation]. 2019 23rd International Conference on System Theory, Control and Computing (ICSTCC). https://doi.org/10.1109/ICSTCC.2019.8885535
Dantas, E., Neto, A. S., Valadares, D., Perkusich, M., Ramos, F., Almeida, H., & Perkusich, A. (2022). Investigating technological risks and mitigation strategies in software projects. In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. Association for Computing Machinery. https://doi.org/10.1145/3477314.3507062
Deniswara, K., Prabowo, H., & Mulyawan, A. N. (2022). Digital business transformation: Exploration of the use of ERP based private cloud to improve managing system in the company (Case study on one of public company in Indonesia). In Proceedings of the 7th International Conference on Industrial and Business Engineering. Association for Computing Machinery. https://doi.org/10.1145/3494583.3494599
Dong, W. (2023). A study on the construction of human resources audit management platform based on big data. In Proceedings of the 2022 6th International Conference on Software and e-Business. Association for Computing Machinery. https://doi.org/10.1145/3578997.3579017
Dybå, T., & Dingsøyr, T. (2008). Empirical studies of agile software development: A systematic review. Information and Software Technology, 50(9–10), 833–859. https://doi.org/10.1016/j.infsof.2008.01.006
Escher, N., & Banovic, N. (2020). Exposing error in poverty management technology: A method for auditing government benefits screening tools. Proceedings of the ACM on Human-Computer Interaction, 4(CSCW1), Article 64. https://doi.org/10.1145/3392874
Fahrezy, M. D., Tjahyadi, R., & Kurniawati, H. (2025, February 3–4). Blockchain adoption in financial audit: A review [Paper presentation]. 2025 International Conference on Advancement in Data Science, E-learning and Information System (ICADEIS). https://doi.org/10.1109/ICADEIS65852.2025.10933126
Fraga, C., Abelém, A., Borges, V., Pinheiro, B., & Cordeiro, W. (2024, May 6–10). A blockchain-based approach for continuous auditing in IT change management [Paper presentation]. NOMS 2024-2024 IEEE Network Operations and Management Symposium. https://doi.org/10.1109/NOMS59830.2024.10575576
Garg, P., & Khurana, R. (2017). Applying structural equation model to study the critical risks in ERP implementation in Indian retail. Benchmarking: An International Journal, 24(1), 143–162. https://doi.org/10.1108/BIJ-12-2015-0122
Garrison, W. C., Lee, A. J., & Hinrichs, T. L. (2014). An actor-based, application-aware access control evaluation framework. In Proceedings of the 19th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery. https://doi.org/10.1145/2613087.2613099
Handoko, B. L., & Amelia, R. (2021). Implementation of good corporate governance, internal audit, whistle-blowing system for fraud prevention in state-owned enterprise. In Proceedings of the 2021 12th International Conference on E-business, Management and Economics. Association for Computing Machinery. https://doi.org/10.1145/3481127.3481144
Handoko, B. L., Gunawan, B. A., & Djati, M. F. P. (2022). Importance of blockchain within the Big 4 CPA firms: Cryptocurrency's existence. In Proceedings of the 6th International Conference on E-Commerce, E-Business and E-Government. Association for Computing Machinery. https://doi.org/10.1145/3537693.3537718
Handoko, B. L., Melisa, M., & Reinaldy, N. (2023). External auditors’ perception of use of virtual reality in financial statement auditing process. In Proceedings of the 2022 6th International Conference on Software and e-Business. Association for Computing Machinery. https://doi.org/10.1145/3578997.3579002
Huang, L., & Huang, H. (2012, May 19–20). ERP system architecture in the process of selection game [Paper presentation]. 2012 International Conference on Systems and Informatics (ICSAI2012).
Imran, M., Hamid, S., & Ismail, M. A. (2023). Advancing process audits with process mining: A systematic review of trends, challenges, and opportunities. IEEE Access, 11, 68340–68357. https://doi.org/10.1109/ACCESS.2023.3292117
Iyer, P., & Masoumzadeh, A. (2023). Towards automated learning of access control policies enforced by web applications. In Proceedings of the 28th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery. https://doi.org/10.1145/3589608.3594743
Jørgensen, M. (2017). Software development contracts: The impact of the provider's risk of financial loss on project success. In Proceedings of the 10th International Workshop on Cooperative and Human Aspects of Software Engineering. IEEE. https://doi.org/10.1109/CHASE.2017.1
Khan, H. H., Mahrin, M. N. b., & Chuprat, S. b. (2013, December 2–4). Situational requirement engineering: A systematic literature review protocol [Paper presentation]. 2013 IEEE Conference on Open Systems (ICOS). https://doi.org/10.1109/ICOS.2013.6735060
Khemakhem, F., Ellouzi, H., Ltifi, H., & Ayed, M. B. (2022). Agent-based intelligent decision support systems: A systematic review. IEEE Transactions on Cognitive and Developmental Systems, 14(1), 20–34. https://doi.org/10.1109/TCDS.2020.3030571
Laadar, H. B., Cherti, I., & Bahaj, M. (2019). ERP systems in SMEs between a choice & an obligation. In Proceedings of the 2019 8th International Conference on Educational and Information Technology. Association for Computing Machinery. https://doi.org/10.1145/3318396.3318438
Li, X., Cao, C., & Yin, Y. (2020). Risk analysis of ERP in FY coal-fired power enterprises. In Proceedings of the 2020 4th International Conference on Management Engineering, Software Engineering and Service Sciences. Association for Computing Machinery. https://doi.org/10.1145/3380625.3380631
Lucaj, L., Smagt, P. v. d., & Benbouzid, D. (2023). AI regulation is (not) all you need. In Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency. Association for Computing Machinery. https://doi.org/10.1145/3593013.3594079
Mamakou, X. J., Cohen, S., & Manolopoulos, D. (2024). Post-implementation evaluation of enterprise resource planning (ERP) systems: An internal auditors’ perspective. Journal of Systems and Information Technology, 26(3), 363–394. https://doi.org/10.1108/JSIT-11-2023-0264
Manaf, K., Subaeki, B., Solihin, H. H., Pitara, S. W., Hidayat, S., & Laluma, R. H. (2021, November 18–19). Digital report application audit using the COBIT 5 framework [Paper presentation]. 2021 15th International Conference on Telecommunication Systems, Services, and Applications (TSSA). https://doi.org/10.1109/TSSA52866.2021.9768264
Marques, J., Yelisetty, S., Slavov, T., & Barros, L. (2023). Enhancing aviation software development: An experience report on conducting audits. In Proceedings of the XXII Brazilian Symposium on Software Quality. Association for Computing Machinery. https://doi.org/10.1145/3629479.3629505
Meiryani, M., Patricia, S., & Presillia, S. (2023). The effect of computerized accounting information systems, big data analysis, and internal audit in accounting fraud detection. In Proceedings of the 2023 8th International Conference on Big Data and Computing. Association for Computing Machinery. https://doi.org/10.1145/3624288.3624290
Morales, H. R., Porporato, M., & Epelbaum, N. (2022). Benford's law for integrity tests of high-volume databases: A case study of internal audit in a state-owned enterprise. Journal of Economics, Finance and Administrative Science, 27(53), 154–174. https://doi.org/10.1108/JEFAS-07-2021-0113
Orosz, I., Selmeci, A., & Orosz, T. (2019, January 24–26). Software as a Service operation model in cloud based ERP systems [Paper presentation]. 2019 IEEE 17th World Symposium on Applied Machine Intelligence and Informatics (SAMI). https://doi.org/10.1109/SAMI.2019.8782739
Petersen, K., Feldt, R., Mujtaba, S., & Mattsson, M. (2008). Systematic mapping studies in software engineering [Paper presentation]. 12th International Conference on Evaluation and Assessment in Software Engineering. https://doi.org/10.14236/ewic/EASE2008.8
Popchev, I., Radeva, I., & Velichkova, V. (2021, October 28–29). The impact of blockchain on internal audit [Paper presentation]. 2021 Big Data, Knowledge and Control Systems Engineering (BdKCSE). https://doi.org/10.1109/BdKCSE53180.2021.9627276
Sabillon, R., & Barr, M. (2024, April 15–18). Planning and conducting cybersecurity audits to assess the effectiveness of controls [Paper presentation]. 2024 IEEE International Systems Conference (SysCon). https://doi.org/10.1109/SysCon61195.2024.10553588
Schnepf, J., Scheuermann, B., & Vetter, P. (2023, December 15–18). Analyzing data sets for ML-driven fraud detection in SAP systems [Paper presentation]. 2023 IEEE International Conference on Big Data (BigData). https://doi.org/10.1109/BigData59044.2023.10386379
Seidelin, C., Moreau, T., Shklovski, I., & Møller, N. H. (2022). Auditing risk prediction of long-term unemployment. Proceedings of the ACM on Human-Computer Interaction, 6(GROUP), Article 8. https://doi.org/10.1145/3492827
Shaturaev, J. (2024). Modeling the impact of information on audits on taxpayer risk profiles and evasions. In Proceedings of the 7th International Conference on Future Networks and Distributed Systems. Association for Computing Machinery. https://doi.org/10.1145/3644713.3644735
Siemuri, A., Selvan, K., Kuusniemi, H., Valisuo, P., & Elmusrati, M. S. (2022). A systematic review of machine learning techniques for GNSS use cases. IEEE Transactions on Aerospace and Electronic Systems, 58(6), 5043–5077. https://doi.org/10.1109/TAES.2022.3219366
Singh, S., Singh, S., & Misra, S. C. (2023). Post-implementation challenges of ERP system in pharmaceutical companies. International Journal of Quality & Reliability Management, 40(4), 889–921. https://doi.org/10.1108/IJQRM-10-2020-0333
Song, Y., Yin, M., Meng, F., & Ding, X. (2011, November 26–27). Enterprise internal controlling risks and prevention within ERP system [Paper presentation]. 2011 International Conference on Information Management, Innovation Management and Industrial Engineering.
Sun, Y., Zhang, X., & Han, M. (2023). Research on the application of blockchain technology in big data auditing. In Proceedings of the 2023 3rd International Conference on Robotics and Control Engineering. Association for Computing Machinery. https://doi.org/10.1145/3598151.3598160
Valdebenito, J., & Quelopana, A. (2018). Understanding the landscape of research in Enterprise Resource Planning (ERP) systems adoption. In Proceedings of the 2018 International Conference on Computers in Management and Business. Association for Computing Machinery. https://doi.org/10.1145/3232174.3232178
Wang, K., Zhang, Y., & Chang, E. (2020). A conceptual model for blockchain-based auditing information system. In Proceedings of the 2nd International Electronics Communication Conference. Association for Computing Machinery. https://doi.org/10.1145/3409934.3409949
Wen, C. Y., Ying, S. L. X., & Nair, R. K. (2020). The responsibility of internal auditors in preventing fraud in Malaysia listed companies. In Proceedings of the 2019 2nd International Conference on E-Business, Information Management and Computer Science. Association for Computing Machinery. https://doi.org/10.1145/3377817.3377831
Yadav, T., Kulkarni, P., Balaji, C. G., & Chirputkar, A. (2024, November 25). Application of big data analytics in internal audit of banks [Paper presentation]. 2024 International Conference on Intelligent & Innovative Practices in Engineering & Management (IIPEM). https://doi.org/10.1109/IIPEM62726.2024.10925684
Zambon, E., Bolzoni, D., Etalle, S., & Salvato, M. (2007, July 1–5). A model supporting business continuity auditing and planning in information systems [Paper presentation]. Second International Conference on Internet Monitoring and Protection (ICIMP 2007). https://doi.org/10.1109/ICIMP.2007.4
Article Details
Abstract views: 5
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in Applied Computer Science are open-access and distributed under the terms of the Creative Commons Attribution 4.0 International License.
