@ll: as you know, any information system application (in sas or in other technology) must have be implemended by respecting some norms( technical, fonctionnel, craft). I would like to know, if we can have a tool( Execl sheets, ) to audit an informations system application. what's about the methodology developped by CISA ( certificated information system auditor ) ?