A set of processes or functionality that tracks changes to one or more components of a system, ensuring the completeness and accuracy of transaction processing, authorization, and validity of system operations.
Audit controls (in software development) are a series of procedures that track changes to systems or components of a larger system. The exact systems or components that are subject to audit are determined by the risk exposure of the overall system.
The most common types of audit controls are (see "Information technology audit" article on Wikipedia):
Data Capture Controls – ensures that all transactions are recorded in the application system, transactions are recorded only once, and rejected transactions are identified, controlled, corrected, and re-entered into the system.
Data Validation Controls – ensures that all transactions are properly valued.
Processing Controls – ensures the proper processing of transactions.
Output Controls – ensures that computer output is not distributed or displayed to unauthorized users.
Error Controls – ensures that errors are corrected and resubmitted to the application system at the correct point in processing.
Most of these controls are applied at the systems level. For example ACID compliant databases systems provide a level of data capture control.
You should tag your question with audit if you're asking about any of the following:
- Tracking changes to a system
- "Who did what" controls
- How to implement a "Maker-Checker" workflow
Questions related to general system logging of events and errors should not be tagged with audit.
