Information Technology Reference
In-Depth Information
Auditor Involvement in Systems Deployment
Overview
Enterprises throughout their life cycle implement various IT projects designed to automate
and improve performance of the enterprise. These could be new projects or projects designed
to upgrade existing systems. Quite often systems are upgraded in order to incorporate new
business processes, additional controls, or new technologies.
Often IS auditors are not involved in development or deployment of systems and are only
called upon when systems are either ready for deployment or already in operation. With the
advancement of technology and dependence on IT systems (which are the lifeline of enter-
prises today), it is important that IS auditors are involved in system deployment in order to
ensure that IT controls, security, and other important system features are included in the new
or upgraded systems. The role of the IS auditor is not to get involved in the design and im-
plementation of the systems but to ensure that the required controls, security, and user spe-
cifications are incorporated in the systems being deployed and that the systems are properly
tested.
Standards and guidelines have been developed to guide IS auditor involvement in systems
deployment by ISACA and other professional associations. It is important that IS auditors
use standards and guidelines as they provide details of the requirements for auditing systems
deployment. Often you will find IS auditors doing more than they are required to do on IT
projects.
In order to have a clear understanding of the auditors' involvement in systems deployment,
we shall use the systems development life cycle (SDLC) activities. You will note that there
are a standard number of activities you would find in a traditional life cycle. Below is an
extended SDLC, which we will use to explain the IS auditor's involvement in system de-
ployment or development.
Figure 8.1 Extended SDLC
Search WWH ::
Custom Search