Page 62 - Courses
P. 62

Understanding the Software Development Life Cycle — IT Certificate

            The Standards  provide the necessary guidance for the internal audit activity to perform
            engagements regardless of which role they engage in. Concerning auditing IT projects, two
            assurance standards specifically address the IT proficiency internal auditors must possess. The two
            standards are IIA Standard 1210.A3: Proficiency, mentioned in the introduction of this course and IIA
            Standard 2110.A2: Governance, which states, “The internal audit activity must assess whether the
            information technology governance of the organization supports the organization’s strategies and
            objectives.”

            It is important to recognize that having internal audit involved with IT projects is important. From
            initiation through disposition, internal audit involvement ensures the addition of value by evaluating
            the effectiveness of risk management. The internal auditors responsible for auditing IT projects will
            need to determine that the SDLC is appropriately followed. They will then use the phases of the
            SDLC to determine when to perform the audit engagement and what controls to test.

            Benefits of Internal Audit Involvement

            By offering an independent approach, internal auditors can assess whether an organization or
            function is achieving its stated objectives.

            Additional benefits of internal audit involvement include:
               •  Providing independent ongoing advice throughout the project.
               •  Identifying key risks or issues early, which enables project team to operate proactively to
                   mitigate risks.
               •  Helping project teams respond to risks to increase the project’s chance of success.

            Auditing Systems in Development

            Auditors review systems in development to assure management of:

            •  Design issues are identified and changes are implemented in a timely manner.
            •  When identified issues are not corrected in a timely manner, there are procedures in place to
               elevate them to higher-level management.

            •  Users are satisfied with system functionality.
            •  There are procedures in place to correct identified user system functionality issues.

            •  The system performs in accordance with the reason it was developed.
            •  The system produces complete and accurate processing and reporting.

            •  The business controls are in place prior to launching.
            •  The system incorporates internal controls within its functionality and that they have been
               adequately tested.



            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   57   58   59   60   61   62   63   64   65   66   67