Application controls audit framework in the context of ERP systems

Main Article Content

Sakchai TANGPRASERT

sakchai.t@sci.kmutnb.ac.th

Nalinpat BHUMPENPEIN

nalinpat.b@itd.kmutnb.ac.th

Abstract

The role of business operations driven by information technology systems is crucial, particularly the use of Enterprise Resource Planning (ERP) systems. Within organizations, both operational staff and management engage with ERP systems, which introduces potential vulnerabilities to operational errors or fraudulent activities. Consequently, auditing application controls becomes a matter. This study conducted a Systematic Literature Review (SLR) to investigate the scope of internal audit, with a focus on application control and associated risks. Based on the SLR results, an application controls audit framework for ERP is proposed. It consists of ten essential controls that must be implemented, including the software development process, access control, input control, process control, output control, change control, incident control, legal and ethical control, information security risk management, and continuity control. The framework evaluation, based on two case studies, demonstrated high effectiveness and received positive feedback from IT auditors, auditees, management, and executive boards.

Keywords:

internal audit, application controls, IT audit, ERP, systematic literature review

Sustainable Development Goals (SDG)

  • 9 - Industry, Innovation, Technology and Infrastructure

References

Article Details

TANGPRASERT, S., & BHUMPENPEIN, N. (2026). Application controls audit framework in the context of ERP systems. Applied Computer Science, 22(2), 117–125. https://doi.org/10.35784/acs_8701