Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Infrastructure, IT Audit, Life Cycle Management, SDLC, Systems
Categorically, ‘Application-based’ pre-acquisition audits assess a system prior to obtaining usage rights considering such matters as: software requirements, vendor bidding, and system selection. Specifically, pre-acquisition assurance service coverage includes effects on IT resources, cost, and plans.
Whereas; ‘Application-based’ pre-implementation audits assess a system under construction considering matters such as, whether: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established systems development life cycle process. Whereby, at the detail-level, a pre-implementation application audit normally addresses the architecture of application-level security, plans for the implementation of security, the adequacy of system and user documentation, and the adequacy of actual or planned user-acceptance testing.
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“