There is general agreement that IT auditor involvement in systems and infrastructure development life cycle (SIDLC) projects would aid in ensuring IT architecture items work properly and include adequate controls. However, there is less agreement as to role IT auditors should play in the SIDLC. Should IT auditors merely review system and/or infrastructure development processes and resulting controls, or should they actively involve themselves in the design processes?
Within the potential systems and infrastructure life cycle management (SILCM) IT assurance ambits, when focusing on deployment processes, a SIDLC methodology will be of little use if projects are not adequately managed. Consequently, the value of project management techniques in project planning and control cannot be overestimated. In contrast, project planning is the process of ensuring that the project’s objectives are translated into a work program. Whereas; project control is the process of ensuring execution of the processes, activities, and tasks identified in the project plan.