Posted by: Robert Davis
Accountability, Accounting, Application Portfolio Management, Asset Management, Audit Assurance, Audit Committee, Certified Information Systems Auditor, Change Control, Change Management, Control Processes, Decision Making, Enterprise Governance, ERP, Fiduciary Responsibility, Governance Tree, IT Governanace, Life Cycle Management, Organizational Structure, Project Management, Risk Management, Value Delivery
Current events posted by various news outlets, including Fox News, the Wall Street Journal, Forbes and Yahoo.com, concerning Knight Capital’s financial debacle, present some very serious allegations regarding managerial due diligence during system development lifecycles. In this case, the cost to the already troubled firm is an estimated $440,000,000.00 USD. An amount no financial-based institution can classify as immaterial.
Undoubtedly, an individual and/or group authorized activation of this critical new application. Yet, it appears adequate precautions, such as application processing testing, were not performed either prior to deployment, during implementation, or after installation by the project team.
Considering, as computing power has advanced, entities have become increasingly dependent on technology to carry out their operational requirements and to collect, process, maintain, and report essential data. This reliance on electronically encoded data and on the systems that affect managerial decisions are a major concern of audit professionals. Consequently, Information Technology (IT) auditors examine the adequacy of controls in information systems and related operations to assure effectiveness and efficiency in business processes. In addition, among other assurance services, IT auditors evaluate the reliability of computer generated data supporting financial statements and analyze specific programs and their processing results. Thus, my question regarding the circumstances that produced this extraordinary financial loss is: Did management assign an IT auditor to the software project team?