Systems and infrastructure design effects the controls relied on by an entity’s management, therefore, effecting control processes. Because systems and infrastructure are critical to an entity’s success, control processes should be designed and implemented to achieve specific control objectives. Consequently, within the potential control objectives for an entity, defining project management expectations for safeguarding assets is a necessity.
From an IT governance, risk, and/or compliance perspective; planning and development phases of a system or infrastructure asset are important times to emphasize controls. It makes sense to build in controls before a new IT asset becomes operational, so the deployable item will be reliable from the onset. It is also certainly easier, and less costly, to do it right the first time than to go back and add controls after implementation. In fact, it may not be feasible to add systems and/or infrastructure controls after implementation due to the major architectural revisions often required to ensure an acceptable risk level.
“View Part I of the Safeguarding Assets is an IT Project Management Issue series here“