‘Application-based’ implementation audits assess any or all parts of the deployment process of a project. The IT auditor should assess relevant SDLC stages, as they are occurring, to highlight risks or issues and provide necessary risk mitigation recommendations to the appropriate management.
‘Application-based’ post-implementation audits includes assessing the actual operation of the new system compared to the documented expectations at the time the system project was approved and whether the delivered solution can be adequately managed and controlled. Specifically, post-implementation assurance service coverage includes application-level security after implementation and system conversion if there has been a transfer of data and master file information from the old to the new system.
Lastly, ‘Application-based’ maintenance audits evaluate any part of the project life cycle that performs system remediation.
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“