What is your approach for testing application control effectiveness / control monitoring?

I work for a company with several hundred applications. Testing General Controls is simple, but I cannot figure out how to test application controls without needing a team only doing that full time.

So how do you ensure application controls are working effectively in your company? Evaluate the top 10 annually? Top 20? Sample applications? Just test them all annually? Something else?

application application control applications control controls cybersecurity doing effectively general monitoring simple team test testing what is work working