Software Assurance Audit/Assurance Program 



The software assurance audit/assurance review will:

  • Provide management with an assessment of the maturity and effectiveness of the enterprise’s policies and procedures relating to the development, acquisition, and deployment of software
  • Identify deficiencies in internal controls that might negatively affect the various compliance components with which the enterprise must comply
  • Identify control weaknesses in the processes to develop, acquire, and deploy software that could affect the reliability, accuracy, stability, and security of the enterprise’s information

The review will focus on:

  • Policies and processes to control the development, acquisition, and deployment of software across the organization
  • The maturity of these controls, i.e., the degree to which they are “baked into” the deployment of software across the organization

This review should be independent of (a) any particular software development methodology or development lifecycle, and (b) whether the organization typically acquires (i.e., buys or leases) or develops business software systems.

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.