Focuses on auditing controls embedded within business applications (input, processing, output controls) and reviewing the controls throughout the Software Development Life Cycle (SDLC).