The review seeks to ensure that the Application Package contains the appropriate controls as envisaged and required so that the application, consisting of both computerised and manual processes, meets the business requirements for accuracy, comprehensiveness of processing, availability and security of information. The review is carried by using a structured methodology. The methodology has four stages (planning, programme preparation, execution and conclusion) with checkpoints and deliverables at the end of each stage. The methodology is supported by a database of key controls. This can be performed either at pre-implementation or post implementation stage.

Pre-implementation review of new application systems
During the system development phase, we review the application systems to determine the extent of control over, and the auditability of the system. We evaluate the adequacy of testing, definition of user responsibility, adequacy of audit trails, planned conversion procedures and recovery capability.

Post-implementation review of application systems
We review and evaluate the internal controls in a computer-based system once it is operational.