Because tasks and titles vary, an IT auditor should concentrate upon the analysis and development processes that should be considered in SILCM, despite what any individual or group choose for delineation or designation. Objectives should be developed to address the seven COBIT information criteria (Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, and Reliability); and then agreed upon by the entity’s management.
Commonly, the purpose of an application systems assurance is to identify, document, test and evaluate the controls over an application that are implemented by an entity to achieve relevant control objectives. These control objectives can be categorized into control objectives over the system and the related data. Correspondingly, the selected objectives and ambit of an application systems audit should form part of the TOR.
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“