Systems Development and Project Management Audit/Assurance Program 


Systems Development and Project Management Audit/Assurance Program   Download (Member Only, 5M)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community
Knowledge Center  Visit the Project/Program/Portfolio Management (P3M) Knowledge Center community

The audit/assurance programs reflect the IT Assurance Framework (ITAF) sections 3400—IT Management Processes, 3600—IT Audit and Assurance Processes and 3800—IT Audit and Assurance Management and were developed in alignment with the Control Objectives for Information and related Technology (COBIT®)—specifically COBIT 4.1.

Objective—The objectives of the systems development and project management audit/ assurance review are to:
  • Provide management with an independent assessment of the progress, quality and attainment of project/program objectives at defined milestones within the project/program
  • Provide management with an evaluation of the internal controls of proposed business processes at a point in the development cycle where enhancements can be easily implemented and processes adapted
  • Satisfy process audit/assurance objectives in reviewing the process before it goes live, place future reliance on the process based upon the assurance work performed while the application is under development, and implement integrated computer-assisted audit techniques (CAATs) as part of the design of the application

Scope—The review will focus upon the (initiation/planning/execution/closure/ postimplementation) phase of the systems development process for the {insert application name}. It will rely upon the systems development methodology to provide a design, development, and testing methodology and the project management methodology to provide accurate and efficient planning, budgeting and cost control.

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and necessary subject matter expertise to adequately review the work performed.