Scope of Application Security Memo
Subscriber Content
This memo outlines the assumptions and decision criteria used to scope the documentation efforts around application security.
In this sample, management classified application security as a high-risk process. Management evaluated several attributes and concluded that the process holds the following attributes: highly dependent on manual intervention, has a lack of segregation of duties in key tasks, is moderately people dependent, and involves a moderate level of judgment or assumption. In addition, management considers application security an IT entity–wide process and therefore its control environment affects all financial statement elements.