“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

Commonly, the purpose of an application systems assurance is to identify, document, test and evaluate the controls over an application that are implemented by an entity to achieve relevant control objectives. These control objectives can be categorized into control objectives over the system and the related data. Correspondingly, the selected objectives and ambit of an application systems audit should form part of the TOR.

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

Typically, management is interested in IT project management work performance processes — with emphasis on requirements and expectations ensuring entity-centric objectives achievement. Consequently, the focus of SILCM engagements should be on project management processes; with the objective of improving implementation efficiency and effectiveness.

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

‘Application-based’ post-implementation audits includes assessing the actual operation of the new system compared to the documented expectations at the time the system project was approved and whether the delivered solution can be adequately managed and controlled. Specifically, post-implementation assurance service coverage includes application-level security after implementation and system conversion if there has been a transfer of data and master file information from the old to the new system.

Lastly, ‘Application-based’ maintenance audits evaluate any part of the project life cycle that performs system remediation.

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

Whereas; ‘Application-based’ pre-implementation audits assess a system under construction considering matters such as, whether: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established systems development life cycle process. Whereby, at the detail-level, a pre-implementation application audit normally addresses the architecture of application-level security, plans for the implementation of security, the adequacy of system and user documentation, and the adequacy of actual or planned user-acceptance testing.

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“

Within the potential systems and infrastructure life cycle management (SILCM) IT assurance ambits, when focusing on deployment processes, a SIDLC methodology will be of little use if projects are not adequately managed. Consequently, the value of project management techniques in project planning and control cannot be overestimated. In contrast, project planning is the process of ensuring that the project’s objectives are translated into a work program. Whereas; project control is the process of ensuring execution of the processes, activities, and tasks identified in the project plan.

From an IT governance, risk, and/or compliance perspective; planning and development phases of a system or infrastructure asset are important times to emphasize controls. It makes sense to build in controls before a new IT asset becomes operational, so the deployable item will be reliable from the onset. It is also certainly easier, and less costly, to do it right the first time than to go back and add controls after implementation. In fact, it may not be feasible to add systems and/or infrastructure controls after implementation due to the major architectural revisions often required to ensure an acceptable risk level.

“View Part I of the Safeguarding Assets is an IT Project Management Issue series here“

“View Part I of the Safeguarding Assets is an IT Project Management Issue series here“